
escape sql in sqlbuilder buildOrderClauses

Open u007 opened this issue 7 years ago • 1 comments

Hi, I realize it's potentially harmful if we do not escape potential SQL injection in here.

Mind if I add it in?

u007, Jun 08 '18 07:06

Unlike WHERE, ORDER will not take an argument supplied by external users, so the possibility of injection is very low. However, checking them for SQL injection could be an important task.

sio4, Sep 24 '22 09:09
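An added example, not part of the thread and not pop's own code: one way an application could check an order clause before handing it to a query builder, for the case where the sort string does come from a request parameter. The helper name `safeOrderClause`, the allowlist, and the sample inputs are all constructed for illustration. ORDER BY terms are identifiers and keywords, which cannot be bound as query parameters, so the check rebuilds the clause from allowlisted column names and a fixed ASC/DESC keyword instead of escaping it.

```go
package main

import (
	"fmt"
	"strings"
)

// safeOrderClause (hypothetical helper, not part of pop) rebuilds an ORDER BY
// clause from untrusted input, keeping only allowlisted columns and ASC/DESC.
// Anything else (expressions, comments, extra tokens) is rejected, not escaped.
func safeOrderClause(input string, allowed map[string]bool) (string, error) {
	var parts []string
	for _, term := range strings.Split(input, ",") {
		fields := strings.Fields(term)
		if len(fields) == 0 || len(fields) > 2 {
			return "", fmt.Errorf("malformed order term %q", term)
		}
		col := strings.ToLower(fields[0])
		if !allowed[col] {
			return "", fmt.Errorf("column %q is not sortable", fields[0])
		}
		dir := "ASC"
		if len(fields) == 2 {
			switch strings.ToUpper(fields[1]) {
			case "ASC", "DESC":
				dir = strings.ToUpper(fields[1])
			default:
				return "", fmt.Errorf("invalid direction %q", fields[1])
			}
		}
		// Only the allowlist key and a fixed keyword reach the output.
		parts = append(parts, col+" "+dir)
	}
	return strings.Join(parts, ", "), nil
}

func main() {
	allowed := map[string]bool{"name": true, "created_at": true} // constructed allowlist
	for _, in := range []string{ // constructed sample inputs
		"name desc, created_at",
		"name; DROP TABLE users",
		"(CASE WHEN 1=1 THEN name ELSE id END)",
	} {
		clause, err := safeOrderClause(in, allowed)
		fmt.Printf("%-40q -> %q, err=%v\n", in, clause, err)
	}
}
```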