Sanitize inputs #40
Comments
Do you have an idea of how this would be implemented? I'm used to using PDO or having the framework used do this, but not manually
We could just change special characters to entities before they go into the database and then convert them back when we retrieve them
Course, nice one, I was thinking of the whole query, which is where I was going wrong. So I guess the end result would be:
Asked in pgc4d and deno-postgres to see if they currently have sanitisation implemented, or any plans to. Mainly because it would save us a job of doing it manually. Note that there is another postgres module mentioned, but by no means am I suggesting it, just trying to get as much info as possible
Author of pgc4d replied here, and they do encode queries when used with placeholders
Seems like deno-postgres does:
Postgres currently doesn't, but they do parameterise queries, so it means we can strip out logic we have added to do that
Currently, the postgres plugin doesn't sanitize inputs. We should add logic to sanitize our inputs before they're entered into the database. We have some good validation as a starting point in the user_model.ts file. We should expand on our validation efforts. You can test this by following the steps below:
Notice that your username becomes test.
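The thread converges on two ideas: keep validating in user_model.ts, and rely on the driver's parameterised queries rather than hand-rolled escaping. The TypeScript below is an added illustration, not code from this project, pgc4d or deno-postgres; the helper names, the username allow-list and the sample inputs are assumptions. It contrasts splicing a value into SQL text with passing it as a `$1` parameter (the shape deno-postgres takes as `queryObject(text, args)`), and includes the entity round-trip proposed above so its limits are visible without a database.

```typescript
// Added example (not the project's code): interpolation vs parameters,
// plus allow-list validation and the entity round-trip from the thread.

export interface PreparedQuery {
  text: string;      // SQL sent to the server, with $n placeholders
  values: unknown[]; // data sent separately, never spliced into the text
}

// Anti-pattern: the value becomes part of the SQL text, so a quote in the
// value changes the statement the database parses.
export function buildInterpolatedQuery(username: string): string {
  return `SELECT id FROM users WHERE username = '${username}'`;
}

// Recommended: the SQL text is a constant and the value travels as a
// parameter. This hypothetical helper only builds the pair so the
// difference is visible offline; a real driver sends it over the wire.
export function buildParameterisedQuery(username: string): PreparedQuery {
  return { text: "SELECT id FROM users WHERE username = $1", values: [username] };
}

// Counts single-quote characters in the SQL text itself. For the
// interpolated form this grows with the input; for the parameterised
// form it is fixed regardless of input, which is the point.
export function quotesInText(sql: string): number {
  return (sql.match(/'/g) || []).length;
}

// Allow-list validation in the spirit of the checks the issue says already
// live in user_model.ts. The rule set here is assumed, not the project's.
const USERNAME_RE = /^[A-Za-z0-9_]{3,32}$/;
export function isValidUsername(username: string): boolean {
  return USERNAME_RE.test(username);
}

// The round-trip encoding proposed in the thread. It is lossless, so it is
// useful for protecting output contexts (HTML), but it is not a substitute
// for parameters: an encoded string interpolated into SQL is still SQL text.
const ENTITIES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
export function encodeEntities(s: string): string {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}
export function decodeEntities(s: string): string {
  return s
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&"); // decode &amp; last so "&amp;lt;" stays "&lt;"
}

// Constructed inputs: the username from the issue and a legitimate name
// that happens to contain a quote and fails the allow-list.
const SAMPLE_NAMES = ["test", "O'Brien"];
for (const n of SAMPLE_NAMES) {
  console.log(
    n,
    "valid:", isValidUsername(n),
    "quotes in interpolated text:", quotesInText(buildInterpolatedQuery(n)),
    "quotes in parameterised text:", quotesInText(buildParameterisedQuery(n).text),
  );
}
```

Running it shows the parameterised text is identical for both names while the interpolated text changes shape with the input; that invariance is what lets the driver-side parameterisation mentioned above replace the plugin's own escaping, with validation kept as the first gate.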