codbex / codbex-electra

e-Commerce Backoffice Management Application
https://codbex.com
Eclipse Public License 2.0

Inbound synchronization escaping #41

Closed iliyan-velichkov closed 6 months ago

iliyan-velichkov commented 7 months ago

All inbound synchronization data which comes from the OpenCart DB should be escaped properly. For example, if you have a column which contains the character ', it should be escaped with a double ''. Like it is done here and used here. Consider making a centralized solution which will escape all the special characters which may break the SQL statements.

iliyan-velichkov commented 7 months ago

Use prepared statements to execute the merge queries: https://www.dirigible.io/api/database/update/#basic-usage

    // update comes from Dirigible's sdk/db module (see the linked docs)
    import { update } from "sdk/db";

    // Shape of the data written to LOG_EVENTS (inferred from the call below; field types assumed)
    interface LogData { severity: string; message: string; date: Date; }

    private static saveLogEvent(logData: LogData) {
        // the SQL text only carries placeholders; the values travel in the parameter array
        const sql = `insert into LOG_EVENTS ("LOG_SEVERITY", "LOG_MESSAGE", "LOG_TIMESTAMP") values (?, ?, ?)`;
        const queryParameters = [logData.severity, logData.message, logData.date];

        // third argument is the datasource name; null selects the default one
        update.execute(sql, queryParameters, null);
    }
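The following is an added example (not code from codbex-electra or from the Dirigible SDK) that puts the two comments above side by side: building the inbound-sync statement by string concatenation, by the centralized quote doubling the first comment asks for, and with `?` placeholders plus a parameter array, which is what an `update.execute(sql, parameters, datasource)` call consumes. Table and column names, the `PRODUCTS` table, and the sample rows are constructed for the example; identifiers cannot be bound as parameters, so they are validated against a strict pattern instead.

```typescript
// Added example, not code from codbex-electra or the Dirigible SDK.
// Contrasts three ways of turning an inbound OpenCart row into an SQL statement.

type SqlValue = string | number | null;
type Row = Record<string, SqlValue>;

// A statement ready for a prepared-statement API: text plus bound values.
interface PreparedStatement {
  sql: string;
  params: SqlValue[];
}

// Identifiers cannot be bound as parameters, so table/column names are
// validated against a strict pattern and then quoted. (Assumption: the
// OpenCart schema only uses plain snake_case identifiers.)
const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]*$/;
function quoteIdentifier(name: string): string {
  if (!IDENTIFIER.test(name)) {
    throw new Error("refusing unexpected identifier: " + JSON.stringify(name));
  }
  return '"' + name + '"';
}

// Vulnerable: values are spliced into the SQL text, so a single quote in the
// data either breaks the statement or lets the data rewrite it.
function buildInsertConcat(table: string, row: Row): string {
  const keys = Object.keys(row);
  const cols = keys.map(quoteIdentifier).join(", ");
  const vals = keys
    .map(k => row[k])
    .map(v => (v === null ? "NULL" : typeof v === "number" ? String(v) : "'" + v + "'"))
    .join(", ");
  return "INSERT INTO " + quoteIdentifier(table) + " (" + cols + ") VALUES (" + vals + ")";
}

// Centralized escaping, as the issue first proposed: double every single quote.
// This handles the quote case but still relies on every literal being escaped.
function escapeSqlString(s: string): string {
  return s.replace(/'/g, "''");
}
function buildInsertEscaped(table: string, row: Row): string {
  const escaped: Row = {};
  for (const k of Object.keys(row)) {
    const v = row[k];
    escaped[k] = typeof v === "string" ? escapeSqlString(v) : v;
  }
  return buildInsertConcat(table, escaped);
}

// Prepared: the SQL text contains only identifiers and '?' placeholders; the
// data travels separately in params and never touches the statement text.
function buildInsertPrepared(table: string, row: Row): PreparedStatement {
  const keys = Object.keys(row);
  const cols = keys.map(quoteIdentifier).join(", ");
  const placeholders = keys.map(() => "?").join(", ");
  return {
    sql: "INSERT INTO " + quoteIdentifier(table) + " (" + cols + ") VALUES (" + placeholders + ")",
    params: keys.map(k => row[k]),
  };
}

// Check helper: number of single quotes in a statement text. An odd count
// means an unbalanced literal, i.e. a statement that will not even parse.
function countSingleQuotes(sql: string): number {
  const m = sql.match(/'/g);
  return m ? m.length : 0;
}

// Constructed sample rows (not real OpenCart data): one with a legitimate
// apostrophe in the model name, one carrying an injection payload.
const apostropheRow: Row = { product_id: 42, model: "O'Reilly", price: 9.5 };
const payloadRow: Row = { product_id: 43, model: "x'); DELETE FROM \"PRODUCTS\"; --", price: 1 };

// With Dirigible the prepared form would be executed as
//   update.execute(stmt.sql, stmt.params, null);
// where update comes from the sdk/db module (shown for orientation only).
```

For `apostropheRow` the concatenated text ends up with three single quotes, so the statement does not parse; the escaped text is valid; the prepared text contains no quote at all because `O'Reilly` only exists in `params`. For `payloadRow` the concatenated text literally contains a second `DELETE` statement, while the prepared text is byte-for-byte the same as for any other row. Note that validating identifiers is still necessary in the prepared variant: placeholders only cover values, not table or column names.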
iliyan-velichkov commented 6 months ago

Not needed anymore, the code was refactored: https://github.com/codbex/codbex-electra/pull/94