I am very new to node.js and mongodb. I have a page getting query strings with
var queries = url.parse(req.url,true).query;
and I write them into database using mongoskin module. Do I have to do something against sql injection?
http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-injection
You don't need to worry about traditional SQL Injection in MongoDB or any kind of query injection with the code you have above. Only these commands:
will allow execution of JavaScript and would be unsafe if using user-provided data.