Closed EvanHahn closed 8 months ago
Previously, we ran a query that was basically like this:
db.prepare( `DELETE FROM my_table WHERE id IN (1, 2, 3)` ).run()
Now, we run the query like this:
db.prepare( `DELETE FROM my_table WHERE id IN (?, ?, ?)` ).run([1, 2, 3])
Though I think it was never a problem in practice, this prevents SQL injection attacks if the IDs contained SQL somehow.
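Added example, not code from this pull request: the snippets above bind a fixed list of three IDs, and this sketch generalizes to a list of any length by generating one `?` per ID and splitting long lists into several statements. The helper name `buildDeleteByIds`, the 999-parameter default, and the sample IDs are assumptions for illustration; the example only builds the statements and does not open a database.

```javascript
// Build "DELETE ... WHERE id IN (?, ?, ...)" statements for an ID list of
// any length. Only "?" placeholders ever enter the SQL text; the IDs travel
// separately as bound parameters.

// Assumed default: SQLite's bound-parameter limit was 999 before 3.32.0.
const DEFAULT_MAX_PARAMS = 999;

// Hypothetical helper. `table` must be a trusted constant chosen by the
// caller: identifiers cannot be bound as parameters, so it is checked
// against a strict pattern instead.
function buildDeleteByIds(table, ids, maxParams = DEFAULT_MAX_PARAMS) {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(table)) {
    throw new TypeError(`unexpected table name: ${table}`);
  }
  if (!Number.isInteger(maxParams) || maxParams < 1) {
    throw new RangeError("maxParams must be a positive integer");
  }
  const statements = [];
  for (let i = 0; i < ids.length; i += maxParams) {
    const chunk = ids.slice(i, i + maxParams);
    const placeholders = chunk.map(() => "?").join(", ");
    statements.push({
      sql: `DELETE FROM ${table} WHERE id IN (${placeholders})`,
      params: chunk,
    });
  }
  return statements; // an empty ID list yields no statements to run
}

// Constructed sample input: the third "ID" carries SQL text.
const sample = buildDeleteByIds("my_table", [1, 2, "3) OR 1=1 --"]);
// The SQL text contains placeholders only; the odd value stays in
// sample[0].params, where the driver binds it as a plain value.

// With a driver shaped like the one in the description above, each
// statement would run as:
//   for (const { sql, params } of statements) db.prepare(sql).run(params);
```
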