
Check queries for prepared statements #136

@zoobot

Description

@zoobot

Use prepared statements to guard against SQL injection.
Good call @tzinckgraf, thanks for bringing this up! I assigned you but feel free to unassign yourself if you'd rather have someone else work on it.

TODO for this issue: check queries to make sure they are PreparedStatements

https://vitaly-t.github.io/pg-promise/PreparedStatement.html

In our code prepared statements can be formatted like this. Note: `name` must be unique.

```js
// Query config in the shape node-postgres / pg-promise accept for a named
// (prepared) statement: the SQL text is constant and the parameter is passed
// separately as $1, so the driver never splices user input into the SQL.
const query = {
  name: 'find-source',                                         // unique per connection
  text: 'SELECT * FROM sources WHERE id_source_name = $1',
  values: [idSourceName],                                      // values is always an array
};
```
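As an added example (not code from the issue or the project) of what the TODO is checking for: the string-built query beside its parameterised form, and a small heuristic audit that scans source text for query configs whose SQL is built by template interpolation or concatenation, or whose prepared-statement `name` is reused. It assumes the `{ name, text, values }` query-config shape shown above; the function names, the sample source and the payload are constructed for illustration.

```javascript
// Added example, not the project's own code. Assumes the node-postgres / pg-promise
// query-config shape { name, text, values } used in the issue.

// Vulnerable form: user input is spliced into the SQL text, so quotes in the
// input change the structure of the statement.
function findSourceUnsafe(idSourceName) {
  return { text: `SELECT * FROM sources WHERE id_source_name = '${idSourceName}'` };
}

// Prepared / parameterised form: the SQL text is a constant and the input travels
// in `values`, which the driver sends to Postgres as a bound parameter, not as SQL.
function findSource(idSourceName) {
  return {
    name: 'find-source',                                       // must be unique per connection
    text: 'SELECT * FROM sources WHERE id_source_name = $1',
    values: [idSourceName],                                    // always an array, even for one value
  };
}

// Heuristic audit for the TODO ("check queries to make sure they are
// PreparedStatements"): flag `text:` built with template interpolation or string
// concatenation, and `name:` values that are reused. Returns a list of findings.
function auditQuerySource(src) {
  const findings = [];
  const names = new Map();
  src.split('\n').forEach((line, i) => {
    const lineNo = i + 1;
    // text: `... ${x} ...`  -> interpolated SQL
    if (/text:\s*`[^`]*\$\{/.test(line)) {
      findings.push({ line: lineNo, kind: 'interpolation' });
    }
    // text: '...' + x  -> concatenated SQL
    if (/text:\s*(['"])[^'"]*\1\s*\+/.test(line)) {
      findings.push({ line: lineNo, kind: 'concatenation' });
    }
    const m = line.match(/name:\s*['"]([^'"]+)['"]/);
    if (m) {
      if (names.has(m[1])) {
        findings.push({ line: lineNo, kind: 'duplicate-name', name: m[1], firstSeen: names.get(m[1]) });
      } else {
        names.set(m[1], lineNo);
      }
    }
  });
  return findings;
}

// Constructed sample source for the audit (hypothetical, not real project code).
const SAMPLE_SOURCE = [
  "const q1 = { name: 'find-source', text: 'SELECT * FROM sources WHERE id_source_name = $1', values: [id] };",
  "const q2 = { name: 'find-source', text: `SELECT * FROM sources WHERE id_source_name = '${id}'` };",
  "const q3 = { text: 'SELECT * FROM users WHERE name = ' + name };",
].join('\n');

// Classic injection payload; in the safe form it stays a literal parameter value.
const PAYLOAD = "x' OR '1'='1";

console.log('unsafe text :', findSourceUnsafe(PAYLOAD).text);
console.log('safe text   :', findSource(PAYLOAD).text, '| values:', findSource(PAYLOAD).values);
console.log('audit       :', auditQuerySource(SAMPLE_SOURCE));
```

The audit is a line-oriented grep, not a parser, so it is a first pass for reviewing the code base by hand rather than a replacement for doing so; anything it flags as `interpolation` or `concatenation` should be converted to the `$1` style with an array of `values`, and a `duplicate-name` finding means two different statements would collide under one prepared-statement name on the same connection.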
