issues
search
AllenNeuralDynamics
/
aind-metadata-service
Service to retrieve Labtracks/Sharepoint info using a REST API
MIT License
3
stars
1
forks
source link
Feat 189: Validate `subject_id` and parameterize SQL queries
#198
Closed
helen-m-lin
closed
4 months ago
helen-m-lin
commented
4 months ago
closes #189
Added input validation to ensure
subject_id
is alphanumeric with no special characters
Refactor SQL queries and
cursor.execute()
to use parameterized queries with
?
placeholder to prevent SQL injection attacks
pyodbc supports parameterized queries (
docs
)
db driver will receive query and params separately and ensures the server does not treat params as part of SQL code
Updated unit tests as appropriate
closes #189
subject_idis alphanumeric with no special characterscursor.execute()to use parameterized queries with?placeholder to prevent SQL injection attacks