This repository has been archived by the owner on Apr 23, 2019. It is now read-only.

Remove injection into SQL statement #57

Closed
wsargent opened this issue Jul 19, 2017 · 1 comment

@wsargent
Member

https://github.com/playframework/play-scala-anorm-example/blob/2.6.x/app/controllers/HomeController.scala#L57

  def list(page: Int, orderBy: Int, filter: String) = Action.async { implicit request =>
    computerService.list(page = page, orderBy = orderBy, filter = ("%" + filter + "%")).map { page =>
      Ok(html.list(page, orderBy, filter))
    }
  }

https://github.com/playframework/play-scala-anorm-example/blob/2.6.x/conf/routes#L9

GET     /computers                  controllers.HomeController.list(p:Int ?= 0, s:Int ?= 2, f ?= "")

means that you can inject your own filter by using an "f" query parameter.

@wsargent
Member Author

Filter is not added directly, but is provided in a parameter:

https://github.com/playframework/play-scala-anorm-example/blob/2.6.x/app/models/ComputerRepository.scala#L102
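
The distinction drawn in this thread, as an added example that is not part of the issue or of the project's code: the same `"%" + filter + "%"` pattern is spliced into the statement in one function and bound as a parameter in the other. It uses Python's `sqlite3` so it runs stand-alone; the table, rows, function names and the filter value are constructed for illustration.

```python
import sqlite3

# Constructed sample data; the table and column names are assumptions.
ROWS = ["ACE", "Apple II", "CM-5", "100% Clone"]
# Constructed filter value containing a quote, as it could arrive in "f".
PAYLOAD = "zzz' OR 'a' LIKE '%a"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE computer (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO computer (name) VALUES (?)", [(n,) for n in ROWS])
    return db

def list_concatenated(db, f):
    # Vulnerable form: the filter text is spliced into the statement itself,
    # so a quote in f ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM computer WHERE name LIKE '%" + f + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def list_bound(db, f):
    # Form described in the second comment: "%" + filter + "%" is built in
    # code and handed to the driver as a parameter, never parsed as SQL.
    sql = "SELECT name FROM computer WHERE name LIKE ? ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + f + "%",))]

def list_bound_literal(db, f):
    # Binding does not neutralise LIKE wildcards in f; escape them when the
    # filter should match literally.
    esc = f.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM computer WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", list_concatenated(db, PAYLOAD))
    print("bound:       ", list_bound(db, PAYLOAD))
    print("bound '%':   ", list_bound(db, "%"))
    print("literal '%': ", list_bound_literal(db, "%"))
```

With the bound form the quote in the filter is matched as data and returns no rows, while the concatenated form returns every row; a `%` in the filter still acts as a wildcard unless it is escaped.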
