This issue was moved to a discussion.

How safe is helpers concat against SQL injections #886

Closed
ilijaNL opened this issue Jul 24, 2023 · 1 comment

ilijaNL commented Jul 24, 2023

Hello,

I am currently using pgp.helpers.concat to batch up mutation queries (insert, update, delete) to reduce roundtrips; however, since the string is concatenated into 1 single query without parameters, I wonder how safe it is against SQL injections?

vitaly-t (Owner) commented Jul 26, 2023

SQL injection is the issue with bad query-parameter escaping, when values are concatenated. This does not extend to queries as such, because you do not pass entire queries as URL parameters, but if you do - the flaw is then by design, no safety there.

Please use StackOverflow or Discussions here for questions. This is for issues/bugs only.

Repository owner locked and limited conversation to collaborators Jul 26, 2023
@vitaly-t vitaly-t converted this issue into discussion #887 Jul 26, 2023
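
Added example (not part of the thread and not pg-promise's code): a self-contained JavaScript sketch showing that a batch joined into one string is only as safe as the escaping applied to each value before the join. `quoteLiteral`, `format`, `concatFormatted` and `countStatements` are hypothetical stand-ins, and the table names and input are constructed.

```javascript
// Added illustration: simplified stand-ins, not pg-promise's implementation.
// Assumes PostgreSQL with standard_conforming_strings = on (backslash is literal).

// Render a value as an SQL literal; doubling ' keeps text inside the literal.
function quoteLiteral(value) {
  if (value === null || value === undefined) return 'null';
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Substitute $1, $2, ... with escaped values (hypothetical helper).
function format(query, values) {
  return query.replace(/\$(\d+)/g, (m, n) => {
    const i = Number(n) - 1;
    if (i < 0 || i >= values.length) throw new RangeError('no value for ' + m);
    return quoteLiteral(values[i]);
  });
}

// Escape per query first, join second (hypothetical helper).
function concatFormatted(queries) {
  return queries.map(q => format(q.query, q.values || [])).join(';');
}

// Vulnerable "before": raw values spliced into the text, then joined.
function concatRaw(name, userId) {
  return ["INSERT INTO users(name) VALUES('" + name + "')",
          'DELETE FROM sessions WHERE user_id = ' + userId].join(';');
}

function concatSafe(name, userId) {
  return concatFormatted([
    { query: 'INSERT INTO users(name) VALUES($1)', values: [name] },
    { query: 'DELETE FROM sessions WHERE user_id = $1', values: [userId] },
  ]);
}

// Count statements by splitting on ';' outside single-quoted literals.
function countStatements(sql) {
  let inLiteral = false, count = 0, current = '';
  for (const ch of sql) {
    if (ch === "'") inLiteral = !inLiteral; // '' toggles twice: still inside
    if (ch === ';' && !inLiteral) { if (current.trim()) count++; current = ''; }
    else current += ch;
  }
  return count + (current.trim() ? 1 : 0);
}

const hostileName = "a'); SELECT ('injected"; // constructed sample input
console.log(countStatements(concatRaw(hostileName, 7)));  // 3
console.log(countStatements(concatSafe(hostileName, 7))); // 2
```

`countStatements` exists only to check this example; it does not handle SQL comments, dollar-quoted strings or quoted identifiers.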
