Open alexey2baranov opened 6 months ago
It would be great if we have a sanitize() function fo user input tool to prevent SQL injection. Consider this code
{ "anonymousId": some_user_input, "email": "abc@email.com" }
if user sends SQL injection some_user_input= "0\" or something=1 or anonymousId=\"0", then the result will be
{ "anonymousId": "0\" or something=1 or anonymousId=\"0", "email": "abc@email.com" }
and the error output will contain secure information about all available fields.
empty result as there is no such anonymous id "0\" or something=1 or anonymousId=\"0"
and the output will contain secure information about all available fields.
This is classical SQL injection which possibly appears in every user controller where controller expects user input
Provide sanitize() function which prevent SQL injections
Description
It would be great if we have a sanitize() function fo user input tool to prevent SQL injection. Consider this code
if user sends SQL injection some_user_input= "0\" or something=1 or anonymousId=\"0", then the result will be
and the error output will contain secure information about all available fields.
Expected Behavior
empty result as there is no such anonymous id "0\" or something=1 or anonymousId=\"0"
Current Behavior
and the output will contain secure information about all available fields.
Context
This is classical SQL injection which possibly appears in every user controller where controller expects user input
Possible Solution
Provide sanitize() function which prevent SQL injections