thevahidal / soul

🕉 A SQLite REST and realtime server
https://thevahidal.github.io/soul/
MIT License
1.45k stars 50 forks

Protection against SQL injection #130

Closed AbegaM closed 11 months ago

AbegaM commented 11 months ago

PR Sponsored By @IanMayo

Fixes #67

Modifications

  1. Isolated SQL queries to service directory
  2. Added parameterized query for get and getCount features

AbegaM commented 11 months ago

Hello @IanMayo and @thevahidal,

This is a draft PR. Please review it and let me know if there is a better way to implement parameterized queries. Once I receive your feedback, I will update all the queries for the /rows and /table APIs.
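
One way to build the parameterized get and getCount queries discussed in this PR, as an added example that is not code from the PR or the soul repository. The `schema` map, the table and column names, and the function names are assumptions constructed for illustration.

```javascript
// Added example, not code from the soul repository.
// `schema` is constructed sample data standing in for what a server would
// read from the database (table names and their columns) at startup.
const schema = new Map([['users', ['id', 'name', 'email']]]);

// Identifiers cannot be bound as parameters, so they are checked against
// the known schema and double-quoted; anything not in the schema is rejected.
function ident(table, column) {
  const cols = schema.get(table);
  if (!cols) throw new Error(`unknown table: ${table}`);
  if (column !== undefined && !cols.includes(column)) {
    throw new Error(`unknown column: ${column}`);
  }
  return `"${column === undefined ? table : column}"`;
}

// Builds " WHERE col = ? AND ..." with the values kept out of the SQL text.
function buildWhere(table, filters) {
  const entries = Object.entries(filters);
  if (entries.length === 0) return { clause: '', params: [] };
  const parts = entries.map(([col]) => `${ident(table, col)} = ?`);
  return { clause: ` WHERE ${parts.join(' AND ')}`, params: entries.map(([, v]) => v) };
}

// get by a single key or by several keys: one placeholder per key value.
function buildGetByKeys(table, pkColumn, keys) {
  const list = Array.isArray(keys) ? keys : [keys];
  if (list.length === 0) throw new Error('at least one key is required');
  const marks = list.map(() => '?').join(', ');
  const sql = `SELECT * FROM ${ident(table)} WHERE ${ident(table, pkColumn)} IN (${marks})`;
  return { sql, params: list };
}

// getCount with optional equality filters.
function buildGetCount(table, filters = {}) {
  const { clause, params } = buildWhere(table, filters);
  return { sql: `SELECT COUNT(*) AS total FROM ${ident(table)}${clause}`, params };
}

// Constructed input: a value containing quote characters stays in `params`
// and never changes the statement text.
const demo = buildGetCount('users', { name: "x' OR '1'='1" });
console.log(demo.sql, demo.params);
```

The `{ sql, params }` pair is meant to be handed to a driver that supports bound parameters, for example better-sqlite3's `db.prepare(sql).all(...params)`.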

IanMayo commented 11 months ago

@AbegaM - could you please consider which parts of this functionality should be included in rows.test.js?

AbegaM commented 11 months ago

> @AbegaM - could you please consider which parts of this functionality should be included in rows.test.js?

@IanMayo, I have been considering modifying the test, but I am not sure what exactly needs to be modified. The test suites are working. Could you please let me know if you have any suggestions for modifying the tests?

IanMayo commented 11 months ago

> > @AbegaM - could you please consider which parts of this functionality should be included in rows.test.js?
>
> @IanMayo, I have been considering modifying the test, but I am not sure what exactly needs to be modified. The test suites are working. Could you please let me know if you have any suggestions for modifying the tests?

No, I don't have any suggestions. When I was wondering if getMyId could handle both single and multiple keys, I thought maybe we need a test to verify that. But if we already test for retrieving rows for both single and multiple keys, then it is already tested :-D