You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd like to understand in which scenarios we think using an object's "toString" is a valid conversion for a constant parameter, because it could lead to SQL Injection:
Seems like a valid point... the constant can be used everywhere possible like in where clauses, select columns etc. So it should be escaped if not already
Hello,
I'd like to understand in which scenarios we think using an object's "toString" is a valid conversion for a constant parameter, because it could lead to SQL Injection:
https://github.com/feedzai/pdb/blob/master/src/main/java/com/feedzai/commons/sql/abstraction/engine/AbstractTranslator.java#L245
The text was updated successfully, but these errors were encountered: