Closed Suor closed 7 years ago
@Suor: Due to security concerns? Maybe along with a mention of SQL injection attacks and a link to https://en.wikipedia.org/wiki/SQL_injection#Parameterized_statements ?
Yes, and not only security. People came to me with issues several times when the database was not understanding query stringification.
In one case it was even a custom type that just the db library understands by its own hooks.
@Suor: I see, good to know. I can add something to the "Use" sections on the readme & the docs, as well as a mention in the .toString() & .toParams() documentation.
Thanks.
Thanks for encouraging me to do this @Suor, addressed in b38c07b.
Or even suggest that .toString() is for debugging purposes only, as values are not escaped by the actual backend.
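The distinction discussed in this thread, as an added example written here rather than sql-bricks' own code: a minimal query object with the two rendering modes, where `DriverRange`, `renderLiteral` and `where` are constructed names and `$1` placeholders are assumed.

```javascript
// Added example (not sql-bricks code): a minimal query renderer with the two
// modes the thread contrasts. toString() inlines values using library-side
// escaping; toParams() emits placeholders and hands the raw values to the
// driver, which knows how to encode them for the real backend.

// Constructed "custom type": a value only the DB driver knows how to encode
// (think of a driver-specific range or geometry type registered via hooks).
class DriverRange {
  constructor(lo, hi) { this.lo = lo; this.hi = hi; }
}

// Library-side literal rendering. It only covers the types the library knows
// about; anything else falls back to String(), which is the failure described
// above: the database receives text it cannot interpret.
function renderLiteral(v) {
  if (v === null) return 'NULL';
  if (typeof v === 'number') return String(v);
  if (typeof v === 'string') return "'" + v.replace(/'/g, "''") + "'";
  return "'" + String(v) + "'"; // unknown type: "[object Object]" lands in the SQL
}

function where(table, column, value) {
  return {
    // Debugging aid: readable, but quoting is the library's best guess,
    // not the backend's own escaping.
    toString() {
      return `SELECT * FROM ${table} WHERE ${column} = ${renderLiteral(value)}`;
    },
    // What should actually be sent: query text plus untouched values, so the
    // driver/backend handles both escaping and type encoding.
    toParams() {
      return { text: `SELECT * FROM ${table} WHERE ${column} = $1`, values: [value] };
    },
  };
}

// Constructed inputs showing both cases from the thread.
const byName = where('user', 'name', "O'Brien");
const byRange = where('events', 'during', new DriverRange(1, 5));
```

`byName.toString()` reads fine in a log, but `byRange.toString()` produces a literal the database cannot understand, while `byRange.toParams().values[0]` is still the original object for the driver to encode.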