Skip to content

Use SQL parameters instead of string concatenation#426

Merged
windoze merged 1 commit into
mainfrom
windoze/sql-fix
Jul 4, 2022
Merged

Use SQL parameters instead of string concatenation#426
windoze merged 1 commit into
mainfrom
windoze/sql-fix

Conversation

@windoze

@windoze windoze commented Jul 2, 2022

Copy link
Copy Markdown
Member

Use SQL parameters instead of string concatenation to prevent SQL injection.

@Yuqing-cat Yuqing-cat left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall I follow this practice in access control? #409

@windoze

windoze commented Jul 2, 2022

Copy link
Copy Markdown
Member Author

Shall I follow this practice in access control? #409

Yes, you should follow the practice as long as the parameters are passed from external untrusted source.

@blrchen blrchen left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@windoze windoze merged commit 8970c87 into main Jul 4, 2022
@xiaoyongzhu xiaoyongzhu deleted the windoze/sql-fix branch August 22, 2022 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants