Currently the SQL queries for the SQLite and MySQL backed repositories are created via formatting strings, which leads to SQL injection vulnerabilities. As much as I would like to see a DROP TABLES haiku, changing these to prepared statements would make the system safer.
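The two patterns the issue contrasts, as an added example that is not the project's own code: a constructed in-memory SQLite table standing in for the haiku repository (table name and columns are assumptions), the string-formatted query the report describes, and the parameterised replacement beside it.

```python
import sqlite3


def make_repo():
    """Constructed fixture: an in-memory SQLite 'haiku' table (schema assumed, not the project's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE haiku (id INTEGER PRIMARY KEY, author TEXT, text TEXT)")
    conn.executemany(
        "INSERT INTO haiku (author, text) VALUES (?, ?)",
        [
            ("basho", "old pond / a frog jumps in / sound of water"),
            ("issa", "a world of dew / and within every dewdrop / a world of struggle"),
        ],
    )
    conn.commit()
    return conn


def find_by_author_unsafe(conn, author):
    """The pattern the issue describes: the caller-supplied value is spliced into the SQL text.

    Anything the user types becomes part of the statement, so a quote character changes
    the query's structure instead of being treated as data.
    """
    query = f"SELECT text FROM haiku WHERE author = '{author}'"
    return [row[0] for row in conn.execute(query)]


def find_by_author_safe(conn, author):
    """Prepared/parameterised form: the SQL text is a fixed constant and the driver binds
    the value separately, so it can only ever be compared as data.

    sqlite3 uses '?' placeholders; MySQL drivers such as PyMySQL or mysql-connector use '%s',
    but the value is still passed as the second argument, never formatted into the string.
    """
    return [row[0] for row in conn.execute("SELECT text FROM haiku WHERE author = ?", (author,))]


if __name__ == "__main__":
    repo = make_repo()
    # A legitimate name containing an apostrophe breaks the formatted query outright.
    try:
        find_by_author_unsafe(repo, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("unsafe query failed on a plain apostrophe:", exc)
    print("safe query on the same input:", find_by_author_safe(repo, "O'Brien"))
    # A quote followed by a tautology turns the author filter into 'match everything'.
    crafted = "basho' OR '1'='1"
    print("unsafe rows returned:", len(find_by_author_unsafe(repo, crafted)))
    print("safe rows returned:", len(find_by_author_safe(repo, crafted)))
```

With the parameterised version the crafted value matches no row, because the whole string is compared as an author name rather than parsed as SQL.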