-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What is the recommended way to pass untrusted strings to the AST builder? #1447
Labels
question
Further information is requested
Comments
there exists some sugar functions you can consider to use. gluesql/core/src/ast_builder/expr/mod.rs Lines 332 to 371 in 235fd6e
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
#1219 is one approach for preventing SQL injection, but since gluesql has the AST bulider, I'm sure there's a safe way to pass untrusted strings into queries. I'm just not sure what that is.
Here's what I've found that "works", but I want to make sure it's the proper approach:
An example showing how to pass untrusted values safely would be greatly appreciated!
The text was updated successfully, but these errors were encountered: