Using Mysql with Nodejs and Express (node-mysql)

Im new to node and express and I have a question regarding using mysql. I have a login form that posts to '/login'. Im using the node-mysql module.

 app.get('/site', function(req, res){
    if (req.session.is_logged_in === true) {
        res.render('site/start', {
            title: 'News'
        });
    } else {
        res.redirect('/');
    }
});

app.post('/login', function(req, res){
    client.query('SELECT id, user_name FROM user WHERE email="' + req.body.login + '" AND password="' + Hash.sha1(req.body.password) + '"',
        function (err, results, fields) {
            if (err) {
                throw err;
            }
            if (results[0]) {
                req.session.userInfo = results[0];
                req.session.is_logged_in = true;
                res.render('site/start', {
                    title: 'News'
                });
            }
            else {
                res.redirect('/');
            }
        }
    );
});

Is this a good way to do it? Can i continue this way? And are the sql querys escaped in some way, or do i have to write that functionality myself?

Last question: Im rewriting a site, and i used the mysql db. Are there any benefits to changing it to mongodb?

Any help would be appreciated

Thanks in advance

George