kerrickstaley / genanki

A Python 3 library for generating Anki decks
MIT License

SQL injection attack vulnerability - please use prepared statements #9

Closed stevenschmatz closed 7 years ago

stevenschmatz commented 7 years ago

I am making a toy example where I make the template for "afmt" be this string:

'afmt': "{{FrontSide}}<hr id='answer'>{{Answer}}"

However, using single quotes around answer notably gives me a syntax error, meaning this code does not use a prepared statement and hence is vulnerable to a SQL injection. Although I'm pretty sure the stakes here are low, it's an issue worth fixing, since any question or answer template that contains a single quote is rejected.

Thank you very much for making this repo! It's been really useful to me :)
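The failure the report describes, shown side by side with the fix, as an added example that is not code from genanki or from the issue author. The table and column names (`templates`, `name`, `qfmt`, `afmt`) are constructed for the demonstration and are assumptions, not genanki's actual schema; the template string is the one from the issue. Splicing the template into the SQL text with `%` lets the single quotes in `id='answer'` terminate the literal early, so sqlite raises the syntax error the reporter saw; binding the same value through `?` placeholders stores it unchanged.

```python
import sqlite3

# Constructed schema, loosely modelled on an Anki-style templates table.
# These names are assumptions for the demo, not genanki's real schema.
SCHEMA = "CREATE TABLE templates (name TEXT, qfmt TEXT, afmt TEXT)"

# The answer template from the issue: the quotes in id='answer' are what
# breaks naive string interpolation into SQL.
AFMT = "{{FrontSide}}<hr id='answer'>{{Answer}}"


def insert_interpolated(conn, name, qfmt, afmt):
    """Vulnerable pattern: template text spliced into the SQL string.

    A single quote inside the template ends the string literal early, so
    sqlite sees stray tokens and raises OperationalError (a syntax error).
    """
    sql = "INSERT INTO templates VALUES ('%s', '%s', '%s')" % (name, qfmt, afmt)
    conn.execute(sql)


def insert_parameterized(conn, name, qfmt, afmt):
    """Hardened pattern: placeholders, with values bound by the driver.

    The template is stored byte-for-byte; quotes need no escaping and can
    never change the shape of the statement.
    """
    conn.execute("INSERT INTO templates VALUES (?, ?, ?)", (name, qfmt, afmt))


def demo():
    """Run both inserts against an in-memory database.

    Returns (interpolated_raised_syntax_error, parameterized_roundtrip_ok).
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)

    interpolated_failed = False
    try:
        insert_interpolated(conn, "Card 1", "{{Question}}", AFMT)
    except sqlite3.OperationalError:
        # This is the "syntax error" reported in the issue.
        interpolated_failed = True

    insert_parameterized(conn, "Card 1", "{{Question}}", AFMT)
    (stored,) = conn.execute(
        "SELECT afmt FROM templates WHERE name = ?", ("Card 1",)
    ).fetchone()
    conn.close()
    return interpolated_failed, stored == AFMT


if __name__ == "__main__":
    failed, ok = demo()
    print("interpolated insert raised a syntax error:", failed)
    print("parameterized insert round-trips the template:", ok)
```

The same parameterized form works for every Anki field or template value, not only `afmt`; the point is that the driver, not string formatting, is responsible for getting user-controlled text into the statement.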