escape sql in sqlbuilder buildOrderClauses #116

Open
u007 opened this issue Jun 8, 2018 · 1 comment
Labels: s: triage (Some tests need to be run to confirm the issue)

u007 commented Jun 8, 2018

Hi,
I realize it's potentially harmful if we do not escape potential SQL injection in here.

Mind if I add it in?

sio4 added the s: triage and security labels Sep 20, 2022
sio4 added this to the Backlog milestone Sep 20, 2022

sio4 commented Sep 24, 2022

Unlike WHERE, ORDER will not take an argument supplied by external users, so the possibility of injection is very low. However, checking them for SQL injection could be an important task.

sio4 removed the security label Sep 26, 2022
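
One way to do the check discussed in this thread, as an added example that is not code from this project or from either commenter: placeholders bind values, not identifiers, so an ORDER BY string cannot be parameterized and is validated against an allowlist instead. `SafeOrderClause`, the identifier pattern and the sample column names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// identRe matches a bare or table-qualified column name (assumed naming rule).
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$`)

// SafeOrderClause is a hypothetical helper, not part of the project.
// It accepts comma-separated "col", "col asc" or "col desc" terms and returns
// a normalized clause, or an error if any term is malformed or not allowlisted.
func SafeOrderClause(input string, allowed map[string]bool) (string, error) {
	var out []string
	for _, term := range strings.Split(input, ",") {
		fields := strings.Fields(term)
		if len(fields) == 0 || len(fields) > 2 {
			return "", fmt.Errorf("malformed order term %q", term)
		}
		col := fields[0]
		// Syntax check first, then the allowlist (keys are lower-case).
		if !identRe.MatchString(col) || !allowed[strings.ToLower(col)] {
			return "", fmt.Errorf("column %q not allowed in ORDER BY", col)
		}
		dir := "ASC"
		if len(fields) == 2 {
			switch strings.ToUpper(fields[1]) {
			case "ASC", "DESC":
				dir = strings.ToUpper(fields[1])
			default:
				return "", fmt.Errorf("invalid direction %q", fields[1])
			}
		}
		out = append(out, col+" "+dir)
	}
	return strings.Join(out, ", "), nil
}

func main() {
	allowed := map[string]bool{"name": true, "created_at": true} // constructed sample
	// Constructed inputs: one valid clause, two that must be rejected.
	for _, in := range []string{"created_at desc, name", "name; DROP TABLE users", "(select 1)"} {
		clause, err := SafeOrderClause(in, allowed)
		fmt.Printf("%q -> %q, err=%v\n", in, clause, err)
	}
}
```

Rejecting on error, rather than trying to strip or escape the offending characters, keeps the generated ORDER BY limited to known column names and the two direction keywords.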