wolfy-j
commented
4 years ago Hi,
we totally forgot to copy KT article in DBAL. But you can find one in ORM: https://cycle-orm.dev/docs/query-builder-security
In general:
- all values query passed as prepared statements and should be safe
- discriminator (column, table names) might be whitelisted
- never use
FragmentandExpressionwith user-provided values
diegospm
Hi,
This Builder prevents SQL Injection? Or do we need to escape before using the builder?
I searched for this topic in the docs, but I didn't find.
Thanks!