How do parameterized queries prevent SQL injection?

By using $1, $2 placeholders, the database driver sends the query structure and the user data separately. This ensures that user input is never interpreted as executable SQL code, neutralizing injection attacks.

Can I use this skill for real-time application features?

Yes, this skill provides implementation patterns for PostgreSQL LISTEN/NOTIFY, which allows the database to push real-time events to your Node.js application with sub-second latency.

Why is it critical to release clients in a finally block?

When you check out a client manually for a transaction, it remains unavailable to the rest of the application. If you don't release it in a finally block, the connection 'leaks' and eventually the pool will starve, causing your app to hang.

Why does this skill mandate pg.Pool instead of pg.Client?

A Pool manages a collection of reusable connections, handling reconnections and enabling concurrency. Using a standalone Client in application code is dangerous because it lacks automatic reconnection and can only handle one query at a time.

PostgreSQL Database Integration

Name: PostgreSQL Database Integration
Author: agents-inc

byagents-inc

•

データベース管理

Implements high-performance, secure PostgreSQL database interactions using node-postgres (pg) with a focus on connection pooling and transaction safety.

This skill empowers developers to build robust PostgreSQL integrations using the node-postgres library. It prioritizes security through mandatory parameterized queries, stability through expert-level connection pool management, and performance through advanced streaming techniques. Whether you are handling complex atomic transactions, real-time LISTEN/NOTIFY events, or massive data processing via cursors, this skill provides the production-grade patterns and error-handling strategies necessary for reliable database operations in Node.js environments.

主な機能

01Memory-safe streaming for massive result sets using pg-cursor and pg-query-stream.

025 GitHub stars

03Secure parameterized query patterns to prevent SQL injection vulnerabilities.

04Real-time database event notifications via the LISTEN/NOTIFY protocol.

05Atomic transaction management with BEGIN/COMMIT/ROLLBACK and automatic client release.

06Efficient connection pool management with pg.Pool and lifecycle handling.

ユースケース

01Building scalable backend services requiring direct, low-level control over SQL execution.

02Implementing complex multi-step financial or data operations requiring strict transaction isolation.

03Processing large-scale data exports or migrations without overloading application memory.

主な機能

01Memory-safe streaming for massive result sets using pg-cursor and pg-query-stream.

025 GitHub stars

03Secure parameterized query patterns to prevent SQL injection vulnerabilities.

04Real-time database event notifications via the LISTEN/NOTIFY protocol.

05Atomic transaction management with BEGIN/COMMIT/ROLLBACK and automatic client release.

06Efficient connection pool management with pg.Pool and lifecycle handling.

ユースケース

01Building scalable backend services requiring direct, low-level control over SQL execution.

02Implementing complex multi-step financial or data operations requiring strict transaction isolation.

03Processing large-scale data exports or migrations without overloading application memory.