[{"data":1,"prerenderedAt":182},["ShallowReactive",2],{"blog-blueprints/nextjs-prisma-planetscale":3},{"id":4,"title":5,"body":6,"category":162,"date":163,"dateModified":163,"description":164,"draft":165,"extension":166,"faq":167,"featured":165,"headerVariant":168,"image":167,"keywords":167,"meta":169,"navigation":170,"ogDescription":171,"ogTitle":167,"path":172,"readTime":173,"schemaOrg":174,"schemaType":175,"seo":176,"sitemap":177,"stem":178,"tags":179,"twitterCard":180,"__hash__":181},"blog/blog/blueprints/nextjs-prisma-planetscale.md","Next.js + Prisma + PlanetScale Security Blueprint",{"type":7,"value":8,"toc":152},"minimark",[9,20,23,29,34,49,53,62,66,71,74,77,80,83,86,89,103,140],[10,11,12],"blueprint-summary",{},[13,14,15,19],"p",{},[16,17,18],"strong",{},"To secure a Next.js + Prisma + PlanetScale stack,"," you need to: (1) implement authorization checks in application code since PlanetScale has no RLS, (2) use Prisma's type-safe queries to prevent SQL injection, (3) use PlanetScale branches for environment isolation, (4) store DATABASE_URL securely in environment variables, and (5) use deploy requests for safe production migrations. This blueprint covers server-side authorization patterns with Prisma ORM.",[21,22],"blueprint-meta",{},[24,25,26],"tldr",{},[13,27,28],{},"Prisma provides type-safe queries that prevent SQL injection, but PlanetScale doesn't have row-level security. Key tasks: implement authorization in application code, use PlanetScale branches for environment isolation, store DATABASE_URL in environment variables, and use deploy requests for safe production migrations.",[30,31,33],"h2",{"id":32},"prisma-configuration-prisma-planetscale","Prisma Configuration Prisma PlanetScale",[35,36,38],"code-block",{"label":37},"prisma/schema.prisma",[39,40,45],"pre",{"className":41,"code":43,"language":44},[42],"language-text","datasource db {\n  provider     = \"mysql\"\n  url          = env(\"DATABASE_URL\")\n  relationMode = \"prisma\"  // Required for PlanetScale\n}\n","text",[46,47,43],"code",{"__ignoreMap":48},"",[30,50,52],{"id":51},"application-level-authorization-nextjs","Application-Level Authorization Next.js",[35,54,56],{"label":55},"Ownership checks in API routes",[39,57,60],{"className":58,"code":59,"language":44},[42],"export async function PUT(req: Request, { params }) {\n  const session = await getServerSession(authOptions);\n  if (!session?.user?.id) {\n    return Response.json({ error: 'Unauthorized' }, { status: 401 });\n  }\n\n  const post = await prisma.post.findUnique({ where: { id: params.id } });\n\n  if (post?.authorId !== session.user.id) {\n    return Response.json({ error: 'Forbidden' }, { status: 403 });\n  }\n\n  // Safe to update...\n}\n",[46,61,59],{"__ignoreMap":48},[30,63,65],{"id":64},"security-checklist","Security Checklist",[67,68,70],"h4",{"id":69},"pre-launch-checklist","Pre-Launch Checklist",[13,72,73],{},"DATABASE_URL in environment variables",[13,75,76],{},"Separate branches for dev/prod",[13,78,79],{},"Authorization checks in all routes",[13,81,82],{},"SSL enabled in connection string",[13,84,85],{},"Deploy requests for prod migrations",[13,87,88],{},"No raw SQL with user input",[90,91,92,98],"related-articles",{},[93,94],"related-card",{"description":95,"href":96,"title":97},"With AI tooling","/blog/blueprints/cursor-prisma-vercel","Cursor + Prisma + Vercel",[93,99],{"description":100,"href":101,"title":102},"Deep dive","/blog/guides/planetscale","PlanetScale Security Guide",[104,105,106,111,114],"stack-comparison",{},[107,108,110],"h3",{"id":109},"alternative-stacks","Alternative Stacks",[13,112,113],{},"Consider these related blueprints:",[115,116,117,126,133],"ul",{},[118,119,120,125],"li",{},[121,122,124],"a",{"href":123},"/blog/blueprints/nextjs-supabase-vercel","Next.js + Supabase + Vercel"," - For PostgreSQL with RLS",[118,127,128,132],{},[121,129,131],{"href":130},"/blog/blueprints/t3-stack","T3 Stack"," - Next.js + tRPC + Prisma + NextAuth",[118,134,135,139],{},[121,136,138],{"href":137},"/blog/blueprints/nextjs-firebase","Next.js + Firebase"," - For NoSQL with Firestore",[141,142,145,149],"cta-box",{"href":143,"label":144},"/","Start Free Scan",[30,146,148],{"id":147},"building-with-this-stack","Building with this stack?",[13,150,151],{},"Scan for authorization and query issues.",{"title":48,"searchDepth":153,"depth":153,"links":154},2,[155,156,157,161],{"id":32,"depth":153,"text":33},{"id":51,"depth":153,"text":52},{"id":64,"depth":153,"text":65,"children":158},[159],{"id":109,"depth":160,"text":110},3,{"id":147,"depth":153,"text":148},"blueprints","2026-02-09","Security guide for Next.js + Prisma + PlanetScale stack. Configure database connections, secure API routes, implement authorization, and deploy safely.",false,"md",null,"purple",{"noindex":170},true,"Complete security configuration for Next.js apps with Prisma and PlanetScale.","/blog/blueprints/nextjs-prisma-planetscale","10 min read","[object Object]","Article",{"title":5,"description":164},{"loc":172},"blog/blueprints/nextjs-prisma-planetscale",[],"summary_large_image","FYj8wo7a7ftwraR8r_jcNlQb5swLJ3mDkv1sozJiTAk",1775843932153]