Title: Potential Issue with where clauses · Issue #14 · JavaWebStack/orm · GitHub
URL: https://github.com/JavaWebStack/orm/issues/14
Issue #14, opened by TimothyGillespie on 2021-03-21 (2 comments)

Currently the `.where()` method will take the first parameter and put it in back ticks while making the second parameter a value for a prepared statement. This should be okay in most cases, but if the user does something odd like trying to put the value first and then the column name it might not work - or worse: it works but is now SQL injectable.

Another potential issue is the free choice of the operator, which will simply be plugged in between. If the user puts a variable in that place it is another SQL injection potential. I think some option to limit this would be appropriate.

Anyway the question is: what should it ideally do and what is an acceptable simplification?
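The two failure modes described in the issue, shown as an added Java example. This is not the JavaWebStack/orm code: the `WhereClauseDemo` class, the `naiveWhere`/`safeWhere` methods, the `Operator` enum, the `users` table and the attacker strings are all constructed here to mirror the behaviour the issue describes (column wrapped in backticks verbatim, operator interpolated verbatim, value bound as a parameter) and to sketch one possible answer to "some option to limit this": a closed operator type plus an identifier check on the column.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical builder mirroring the behaviour the issue describes:
// column -> wrapped in backticks verbatim, operator -> interpolated verbatim,
// value  -> bound as a prepared-statement parameter.
public class WhereClauseDemo {

    // SQL text plus the parameters that would be bound to its placeholders
    static final class Query {
        final String sql;
        final List<Object> params;
        Query(String sql, List<Object> params) { this.sql = sql; this.params = params; }
        @Override public String toString() { return sql + "   params=" + params; }
    }

    // Naive form: only the value is parameterised; column and operator are concatenated
    static Query naiveWhere(String column, String operator, Object value) {
        List<Object> params = new ArrayList<>();
        params.add(value);
        return new Query("SELECT * FROM `users` WHERE `" + column + "` " + operator + " ?", params);
    }

    // Hardened form: the operator is a closed enum, so a variable String cannot reach the SQL text
    enum Operator {
        EQ("="), NE("<>"), LT("<"), LE("<="), GT(">"), GE(">="), LIKE("LIKE");
        final String sql;
        Operator(String sql) { this.sql = sql; }
    }

    // Unqualified or table-qualified identifier; backticks, spaces, quotes and comments are rejected
    static final Pattern IDENTIFIER =
        Pattern.compile("[A-Za-z_][A-Za-z0-9_]*(\\.[A-Za-z_][A-Za-z0-9_]*)?");

    static Query safeWhere(String column, Operator op, Object value) {
        if (!IDENTIFIER.matcher(column).matches()) {
            throw new IllegalArgumentException("not a valid column identifier: " + column);
        }
        String quoted = "`" + column.replace(".", "`.`") + "`";
        List<Object> params = new ArrayList<>();
        params.add(value);
        return new Query("SELECT * FROM `users` WHERE " + quoted + " " + op.sql + " ?", params);
    }

    public static void main(String[] args) {
        // Intended usage behaves the same in both forms
        System.out.println(naiveWhere("name", "=", "alice"));
        System.out.println(safeWhere("name", Operator.EQ, "alice"));

        // Case 1 from the issue: value and column swapped. A backtick inside the "column" closes
        // the identifier and the remainder is parsed as SQL. The payload keeps the single "?"
        // placeholder, so the statement still prepares and runs: it works but is now injectable.
        String untrusted = "id` = 0 OR 1=1 OR `id";       // constructed attacker input
        System.out.println(naiveWhere(untrusted, "=", "name"));

        // Case 2 from the issue: the operator comes from a variable and is interpolated as-is.
        String untrustedOp = "= 1 OR 1=1 OR `name` =";    // constructed attacker input
        System.out.println(naiveWhere("name", untrustedOp, "alice"));

        // The hardened form rejects the swapped-argument case at runtime; the operator case cannot
        // be written at all, because safeWhere does not accept a String operator.
        try {
            safeWhere(untrusted, Operator.EQ, "name");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running `main` prints the two naive queries as valid SQL with exactly one parameter each (`... WHERE `id` = 0 OR 1=1 OR `id` = ?` and `... WHERE `name` = 1 OR 1=1 OR `name` = ?`), which is why a database driver accepts them; the hardened form throws for the first and makes the second unrepresentable. An identifier regex is stricter than MySQL's own quoting rules (which allow almost any character if backticks are doubled), but for an ORM whose callers pass column names, rejecting anything that is not a plain identifier is the simpler and safer contract.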