drogonframework / drogon

Drogon: A C++14/17/20 based HTTP web application framework running on Linux/macOS/Unix/Windows
MIT License
11.04k stars 1.06k forks

Protection against SQL injections #2039

Closed UInSomnia closed 1 month ago

UInSomnia commented 1 month ago

Hello! Does Drogon offer built-in protection against SQL injections? Or do you need to write the functionality to prevent SQL injections yourself?

hwc0919 commented 1 month ago

No need to worry about injection as long as you use parameter placeholders instead of concatenating the full SQL.

```cpp
#include <drogon/drogon.h>
#include <drogon/orm/DbClient.h>

using namespace drogon;
using namespace drogon::orm;

std::string username = "Jack";
app().getDbClient()->execSqlAsync(
    "select * from users where name = $1",   // $n in PostgreSQL, ? in MySQL
    [](const Result &r) { /* rows are in r */ },
    [](const DrogonDbException &e) { /* query failed */ },
    username                                  // bound as data, never parsed as SQL
);
```
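The point hwc0919 makes, shown as an added example that is not from the issue thread or the Drogon code base: a stand-alone C++ sketch that contrasts string concatenation with the query-text/argument split that placeholders give you. `PreparedQuery`, `concatenatedLookup`, `parameterizedLookup`, `hasSingleLiteral`, `isAllowedSortColumn` and `safeOrderBy` are illustrative names chosen here; the struct only models the separation of SQL text and bound values and does not link against Drogon. It also goes one step beyond the comment: placeholders bind values, not identifiers, so a client-chosen column or table name still needs an allowlist.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical model of what a parameterized call hands to the driver: the
// SQL text and the bound arguments travel separately, so the text is parsed
// before any data is seen. Illustration only, not Drogon's real type.
struct PreparedQuery {
    std::string sql;
    std::vector<std::string> params;
};

// Vulnerable form: the untrusted value becomes part of the SQL grammar.
std::string concatenatedLookup(const std::string &name) {
    return "select * from users where name = '" + name + "'";
}

// Hardened form: the query text is a constant; the value is only ever data.
PreparedQuery parameterizedLookup(const std::string &name) {
    return {"select * from users where name = $1", {name}};
}

// True when the generated SQL still has exactly the one string literal the
// developer wrote (two quote characters). Extra quotes mean the attacker
// closed the literal and appended their own clause.
bool hasSingleLiteral(const std::string &sql) {
    size_t quotes = 0;
    for (char c : sql) {
        if (c == '\'') ++quotes;
    }
    return quotes == 2;
}

// Placeholders cannot bind identifiers. A sort column chosen by the client
// must be checked against a fixed allowlist instead.
bool isAllowedSortColumn(const std::string &requested) {
    static const std::vector<std::string> allowed{"name", "created_at"};
    for (const auto &col : allowed) {
        if (col == requested) return true;
    }
    return false;
}

std::string safeOrderBy(const std::string &requested) {
    if (!isAllowedSortColumn(requested)) {
        throw std::invalid_argument("unsupported sort column: " + requested);
    }
    return requested;
}

int main() {
    const std::string attack = "x' or '1'='1";  // constructed attacker input

    std::cout << concatenatedLookup(attack) << '\n';
    // -> select * from users where name = 'x' or '1'='1'   (grammar changed)

    const auto q = parameterizedLookup(attack);
    std::cout << q.sql << "  [param: " << q.params[0] << "]\n";
    // -> select * from users where name = $1  [param: x' or '1'='1]

    try {
        safeOrderBy("name; drop table users");
    } catch (const std::invalid_argument &e) {
        std::cout << e.what() << '\n';
    }
    return 0;
}
```

The test for a parameterized call is therefore simple: the SQL text it emits must not change with the input. If it does, something is still being concatenated.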
UInSomnia commented 1 month ago

Thanks!