Ian Mayo
Hello @thevahidal - is `Soul` still secure against SQL injection? Does the use of `db.prepare` protect us against SQL injection attacks?  Aah, I'm no expert at this, but it...
I'm pretty sure that `Soul` currently fails this test:

> I understand that if someone dumbly crafts a Statement without parameters for .run() and its friends, they're asking for a...
I'm sure @AbegaM and I can handle the switch to `binding statements`. We can get a draft PR started, for your feedback.
> Thanks, Ian! I’m okay with you taking this on — feel free to open the PR whenever ready.

Thanks Vahid, PR here: https://github.com/thevahidal/soul/pull/230

> you need to bump Soul version.

Got it, thanks. On my dev machine I need to apply some fixes to get the unit tests working. I'll produce a PR...
The config option successfully avoids the problem. But, we can't rely on the config option remaining available. So, we should fix the issue in the sort order.
@lindaifu - your chances of getting support will be greatly increased if you fill in the issue template that is offered when you click on `New Issue`.