Dataverse icon indicating copy to clipboard operation
Dataverse copied to clipboard
Published 5 days ago verified publisher icon multiverseweb

Use Parameterized SQL Queries Instead of String Formatting

Open Shakti13-sys opened this issue 5 months ago • 3 comments

Currently, the application uses direct string formatting to construct SQL queries, such as: "INSERT INTO user VALUES({}, '{}', '{}', '{}')".format(...) This makes debugging very difficult, as no traceback or error details are preserved.

Shakti13-sys avatar Jul 26 '25 19:07 Shakti13-sys

👋 Thank you for raising an issue! We appreciate your effort in helping us improve. A maintainer from Dataverse will review it shortly. Stay tuned!

github-actions[bot] avatar Jul 26 '25 19:07 github-actions[bot]

Hi! I'd like to work on this issue. Please assign it to me.

Shakti13-sys avatar Jul 26 '25 20:07 Shakti13-sys

I have understood the issue and will use parameterized queries to replace direct string formatting for SQL statements.i want to work on that - a gssoc 2025 contributer

SHshreya avatar Jul 28 '25 07:07 SHshreya