Closed UInSomnia closed 1 month ago
No need to worry about injection as long as you use parameter place holders instead of concating full sql.
std::string username = "Jack";
app().getDbClient()->execSqlAsync(
"select * from users where name = $1", // $n in pg, $? in mysql
[](const Result &r) { },
[](const DrogonDbException &e) { },
username
);
Спасибо!
Hello! Does Drogon offer built-in protection against SQL injections? Or do you need to write the functionality to prevent SQL injections yourself?