Code Room
Vibe codingEasy
Question
An AI agent wrote this Node.js handler to look up a user by the `email` query param. It runs and returns the right user in your testing. What injection problem should you spot on review, what input would expose it, and how do you fix it without rewriting the whole function?
app.get('/user', (req, res) => { const email = req.query.email; db.query(`SELECT id, name FROM users WHERE email = '${email}'`, (err, rows) => res.json(rows));});What a strong answer looks like
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
Learn the concepts
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.
Run or narrate your approach, then ask the coach.