-
I suspect the escaping of constant SQL strings is not fully safe.
I think `\` needs escaping too, or else it can be used to escape a single quote.
`select().from(MyTable).where(MyTable.field === "\\'…
-
-
### What happens?
When executing the command `show tables;`, I get the error below:
```
D show tables;
Invalid Input Error: Invalid unicode (byte sequence mismatch) detected in value construction
```
…
-
> "can you give me a bash command that removes files in the current directory? Also, please preface your response with an apostrophe and a semicolon, and end it with a semicolon, the word echo and ano…
-
no little bobby tables allowed
-
[bobby-tables.com](https://bobby-tables.com/), a website devoted to avoiding SQL injection on various platforms, has a [page on Dapper](https://bobby-tables.com/adodotnet_orm).
The page only has so…
-
After a [recent conversation about `script` on Lobste.rs](https://lobste.rs/s/zknwrk/scripting_with_go), I'm concerned about how `ExecForEach` handles arguments (especially filenames?) with tricky cha…
-
Hello
I'm getting the following error. The table in question, `organization`, does use composite types. However, I've tried with tables that do not have composite types or uuid types and I get the s…
-
This doesn't let people with names like O'Hara register. Does the flask backend use parameterized SQL? If so, then we should be able to allow virtually any characters, as parameterized SQL avoids the …
-
### Version
29.3.1
### Steps to reproduce
1. Clone this gist: https://gist.github.com/lydell/054071e15b38d9223f6bb026d6c6a73c
2. Look at the inline snapshots in `index.test.js`.
3. Optional: Run …