Postgres POSIX regular expressions #4183
If this is used with variables, linq2db would use SQL parameters and so it's injection-safe, isn't it? If you pass a literal string, it's not injection-safe but as it's a literal string in your code you'd be in full control.
-
It seems that Linq2Db already escapes - at least single quotes. So is it already safe to use?

```csharp
.Where(x => MyExpressions.Custom(x.BB, "^asdf.*sdf$' OR 1=1 '"))
```

```sql
WHERE x.bla ~* '^asdf.*sdf$'' OR 1=1 ''' = True AND x.bla ~* '^asdf.*sdf$'' OR 1=1 ''' IS NOT NULL
```
-
Ok, the definition of safe in my case would be to be protected against SQL injection apart from manipulating the RegEx in order to extend the number of matches like in your example. Can it then be considered to be safe?
-
Is there a built-in way to use POSIX regular expressions?
If not, how can this be used in an SQL-injection-safe way?
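The quoting behaviour discussed in this thread, as an added Python example that is not part of the discussion and is not linq2db's code: it models a literal quoter that doubles single quotes (reproducing the generated SQL shown in the thread), re-scans the result the way a SQL lexer reads a string literal, and escapes regex metacharacters for input that should only match itself. All function names are hypothetical, and `standard_conforming_strings = on` (the PostgreSQL default) is assumed.

```python
import re

# Constructed input: the pattern string posted in the thread.
PAYLOAD = "^asdf.*sdf$' OR 1=1 '"

def quote_literal(value: str) -> str:
    """Render value as a string literal by doubling single quotes.
    Assumption: standard_conforming_strings = on, so a backslash inside the
    literal is an ordinary character and needs no extra handling."""
    if "\x00" in value:
        raise ValueError("NUL cannot appear in a PostgreSQL text value")
    return "'" + value.replace("'", "''") + "'"

def read_literal(sql: str, start: int):
    """Scan one string literal as the SQL lexer would.
    Returns (decoded_value, index_just_after_closing_quote)."""
    if sql[start] != "'":
        raise ValueError("no string literal at this position")
    out, i = [], start + 1
    while i < len(sql):
        if sql[i] == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")          # '' is one quote, still inside the literal
                i += 2
                continue
            return "".join(out), i + 1   # single quote closes the literal
        out.append(sql[i])
        i += 1
    raise ValueError("unterminated string literal")

def escape_regex(text: str) -> str:
    """Backslash-escape regex metacharacters so text matches only itself.
    Use this when user input is meant as a plain substring, not a pattern."""
    return re.sub(r"([.^$*+?()\[\]{}|\\])", r"\\\1", text)

def build_predicate(column: str, pattern: str) -> str:
    """column must be a trusted identifier from code, never user input."""
    return f"{column} ~* {quote_literal(pattern)}"

if __name__ == "__main__":
    sql = build_predicate("x.bla", PAYLOAD) + " AND x.id = 1"
    value, end = read_literal(sql, sql.index("'"))
    print(sql)
    print("literal decodes to:", value)
    print("SQL after literal: ", sql[end:])
    print("literal-match form:", escape_regex(".*"))
```

Binding the pattern as a SQL parameter removes the quoting question entirely; the regex-content question that `escape_regex` addresses remains either way.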