I want to validate whether sqlx can defend against SQL injection, and I wrote the code below.
Then `cargo check` keeps circling, and I checked all my code again and again for many hours until I deleted the code below.
I think it may be better for sqlx to throw an error or panic to tell the coder that writing it like that is incorrect.
Thanks, sqlx is a good tool and I love it.
```rust
let arg = " id ; SELECT 1 -- ";
sqlx::query!("SELECT * FROM `test` ORDER BY ?", arg).fetch_all(&dbpool).await;
```
SQL injection is a non-issue in this case because query parameters explicitly prevent it. `arg` is received as a separate string by the database server and is not parsed as SQL. See the FAQ answer I just wrote: https://github.com/launchbadge/sqlx/pull/2997/files?short_path=c7bd425#diff-c7bd425fd98aad1f9fef20099637bcbdcfadeb566ba1f83bb40ce484f195b8cf
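Because a bound parameter is always a value, `ORDER BY ?` sorts by a constant string rather than by a column, so a caller-chosen sort column cannot be passed as a parameter at all. The following added example (not code from this issue or from sqlx) goes one step beyond the thread and shows an allowlist that maps untrusted sort input to fixed identifiers while values stay bound. The `name` and `created_at` columns, the `WHERE` clause and all function names are assumptions made for illustration.

```rust
// Added example: std-only, no database needed. Column names are constructed.

/// Sort keys a caller may request, mapped to the exact identifier we emit.
const SORTABLE: &[(&str, &str)] = &[
    ("id", "`id`"),
    ("name", "`name`"),
    ("created", "`created_at`"),
];

#[derive(Debug, PartialEq)]
pub enum SortError {
    UnknownColumn,
    BadDirection,
}

/// Turn untrusted input such as "name" or "created desc" into an ORDER BY
/// fragment built only from constants in this file.
pub fn order_by_clause(input: &str) -> Result<String, SortError> {
    let mut parts = input.split_whitespace();
    let key = parts.next().ok_or(SortError::UnknownColumn)?;
    let column = SORTABLE
        .iter()
        .find(|(k, _)| k.eq_ignore_ascii_case(key))
        .map(|(_, c)| *c)
        .ok_or(SortError::UnknownColumn)?;
    let dir = match parts.next().map(str::to_ascii_lowercase).as_deref() {
        None | Some("asc") => "ASC",
        Some("desc") => "DESC",
        Some(_) => return Err(SortError::BadDirection),
    };
    // Anything after the direction is rejected, never copied into the SQL.
    if parts.next().is_some() {
        return Err(SortError::BadDirection);
    }
    Ok(format!("{} {}", column, dir))
}

/// Only the allowlisted fragment is interpolated; the `?` is still bound.
pub fn build_query(sort_input: &str) -> Result<String, SortError> {
    let order = order_by_clause(sort_input)?;
    Ok(format!("SELECT * FROM `test` WHERE `id` > ? ORDER BY {}", order))
}

fn main() {
    for input in ["created desc", " id ; SELECT 1 -- ", "password"] {
        println!("{:?} -> {:?}", input, build_query(input));
    }
}
```

The resulting string is only known at run time, so it would be passed to a runtime query function with the value bound separately, not to the compile-time `query!` macro.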
thanks, really helpful
`rustc --version`: 1.75.0