I've been looking (so far without success) for a way to build a SQL Statement using parameters in Aquascript. This would avoid string concatenation in Aquascript to build the SQL and instead have a prepared statement with parameters. The motive would be to mitigate the risk of a SQL Injection attack when you cannot be confident of the input text safety. Is that an available capability? If so, how do you execute a query with this kind of SQL statement?
Hi Bob,
Executing SQL queries using prepared statements is not supported by AquaScripts. You could look into writing a function that always escapes single quotes in the input text. However, this is by no means a bulletproof approach; see https://en.wikipedia.org/wiki/SQL_injection#Escaping.
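As an added illustration of the reply above (this is not code from the thread or from Aqua Data Studio, and the helper names are my own): AquaScripts are JavaScript-based, so the snippet is plain JavaScript. It implements the quote-escaping approach the reply suggests and shows where that approach stops helping, which is the reason it is not bulletproof: escaping quotes only protects values that sit inside a quoted string literal, so numeric values and identifiers such as ORDER BY columns need strict validation or an allowlist instead.

```javascript
// Added example (not from the thread or from Aqua Data Studio): building SQL
// text in JavaScript when prepared statements are unavailable. Helper names
// (quoteLiteral, asInteger, asOrderColumn, buildCustomerQuery) are my own.

// Escape single quotes for a standard-SQL string literal by doubling them and
// wrap the value in quotes. This only protects values used INSIDE a quoted
// literal; some dialects (e.g. MySQL with backslash escapes) need more.
function quoteLiteral(value) {
  if (value === null || value === undefined) return "NULL";
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// A numeric value is not quoted, so quote escaping does nothing for it.
// Accept only a plain decimal integer and refuse to build the query otherwise.
function asInteger(value) {
  const s = String(value).trim();
  if (!/^-?\d{1,18}$/.test(s)) {
    throw new Error("expected an integer, got: " + JSON.stringify(s));
  }
  return s;
}

// Identifiers (table or column names) cannot be passed as literals either;
// accept only names from a fixed allowlist.
const ORDERABLE_COLUMNS = new Set(["id", "last_name", "created_at"]);
function asOrderColumn(name) {
  if (!ORDERABLE_COLUMNS.has(name)) {
    throw new Error("column not allowed for ORDER BY: " + JSON.stringify(name));
  }
  return name;
}

// Each piece of untrusted input goes through the validator that matches the
// SQL context it lands in: literal, number, or identifier.
function buildCustomerQuery(lastName, minId, orderBy) {
  return "SELECT id, last_name FROM customers WHERE last_name = " +
    quoteLiteral(lastName) + " AND id >= " + asInteger(minId) +
    " ORDER BY " + asOrderColumn(orderBy);
}

// Constructed sample inputs for demonstration.
console.log(buildCustomerQuery("O'Brien", 100, "created_at"));
// -> SELECT id, last_name FROM customers WHERE last_name = 'O''Brien' AND id >= 100 ORDER BY created_at
```

The validators throw rather than "clean up" bad input, so a value that does not fit its context never reaches the SQL string. Doubling single quotes is the ANSI SQL rule; the exact escaping rules are dialect- and character-set-dependent, which is the other reason the reply's caveat applies.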
Issue #15367 | Closed | Fixed | Resolved