Replies: 2 comments
-
I think I found the answer here. I would like to suggest that the documentation be updated to say that while this library supports moustache templates, it's not recommended for security reasons.
-
I believe from reading the code that named parameters are "emulated" by converting them into numbered parameters, meaning that this mechanism is also safe against injection - is that correct? It would be good if the documentation said this. If someone with knowledge of this can confirm that it's true, I'll update the docs and submit a PR; someone let me know.
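The distinction the comment above draws, as an added JavaScript example that is not code from the library under discussion: a hypothetical `namedToNumbered` helper rewrites `:name` placeholders into positional `$1`, `$2` placeholders and collects the values in a separate array (the "emulation" described), so the values never become part of the SQL text the server parses; a mustache-style `mustacheAssemble` splices the raw values into the string. The sample query and the input `O'Brien` are constructed for the demonstration; the helper deliberately skips PostgreSQL-style `::type` casts but does not parse quoted string literals, which a production rewriter would also have to handle.

```javascript
// Added example, not the library's own code. Shows why "named -> numbered"
// parameter emulation keeps values out of the SQL text while mustache-style
// string assembly does not.

// Hypothetical helper: rewrite ":name" placeholders into positional "$1", "$2", ...
// and collect the values in matching order. A repeated name reuses one slot.
// The "(?<!:)" lookbehind leaves "::type" casts alone (assumption: PostgreSQL
// syntax). Quoted literals are not parsed; a real implementation must skip them.
function namedToNumbered(sql, params) {
  const values = [];
  const positions = new Map(); // name -> 1-based index of its "$n" slot
  const text = sql.replace(/(?<!:):([A-Za-z_]\w*)/g, (match, name) => {
    if (!Object.prototype.hasOwnProperty.call(params, name)) {
      throw new Error(`missing parameter: ${name}`);
    }
    if (!positions.has(name)) {
      values.push(params[name]);
      positions.set(name, values.length);
    }
    return `$${positions.get(name)}`;
  });
  // The returned text contains only placeholders; the driver sends the values
  // separately, so the server never parses user input as SQL.
  return { text, values };
}

// Mustache-style assembly for comparison: each {{name}} is replaced by the raw
// value, so the value becomes part of the SQL statement the server will parse.
function mustacheAssemble(template, params) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (match, name) => String(params[name]));
}

// Constructed input: a perfectly ordinary name containing a single quote.
const userInput = "O'Brien";

const safe = namedToNumbered(
  "SELECT id FROM users WHERE name = :name AND org = :org AND name <> :name::text",
  { name: userInput, org: 42 }
);
console.log(safe.text);   // placeholders only; "O'Brien" is absent from the SQL text
console.log(safe.values); // [ "O'Brien", 42 ] travel out of band

const unsafe = mustacheAssemble(
  "SELECT id FROM users WHERE name = '{{name}}'",
  { name: userInput }
);
console.log(unsafe); // the quote in the value has terminated the SQL string literal
```

The check worth keeping in mind when reviewing any "parameter" feature: if the values can be found inside the final SQL text, it is string replacement regardless of what the API calls it; if the text contains only placeholders and the values are handed to the driver separately, the database never parses the values as SQL.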
-
Do Numeric Parameter queries use an underlying parameterized query mechanism, or is it just a string replacement? I'm trying to understand how to protect against SQL injection attacks. Using moustache templates to just assemble a query string is very, very dangerous.