Is your feature request related to a problem? Please describe.
Could a section on security be added to the readme? In particular, how should the input be sanitized before being run against the backend database?
Describe the solution you'd like
Similarly to other backend recommendations, could a suggested way of sanitizing input be given for one of, if not all of, the query formats?
Describe alternatives you've considered
I'm considering transforming the jsonLogic format into an SQL statement: recursively building the SQL while adding placeholders to the SQL string and adding input variables to a list, then passing the SQL string with placeholders and the list of parameters to the db client to sanitize and execute. Are there common libraries that will do this so I can avoid re-inventing the wheel?
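The approach sketched in the issue body (walk the jsonLogic tree, emit `?` placeholders into the SQL text, collect the bound values in a separate list, and let the driver do the quoting) looks like the following in Python. This is an added example for the discussion, not code from this project or from the issue author; it assumes an sqlite3 backend (so `?` is the placeholder style), a hypothetical `people` table constructed inline, and a hypothetical `ALLOWED_COLUMNS` allowlist, which is needed because column names cannot be bound as parameters and must be validated some other way.

```python
"""Turn a jsonLogic rule into a parameterized SQL WHERE clause.

Values never touch the SQL text: they go into a parameter list that the
driver binds. Column names cannot be bound, so they are checked against an
allowlist instead. Everything below is constructed for illustration.
"""
import sqlite3

# Assumed schema: the backend knows which columns a rule may reference.
ALLOWED_COLUMNS = {"first_name", "last_name", "age", "email"}

# jsonLogic comparison operators and their SQL spellings.
COMPARISONS = {"==": "=", "!=": "<>", "<": "<", "<=": "<=", ">": ">", ">=": ">="}


def _field(node):
    """Resolve a {"var": "column"} node to a validated column name."""
    if not (isinstance(node, dict) and list(node) == ["var"]):
        raise ValueError("left operand must be a {'var': ...} reference")
    name = node["var"]
    if name not in ALLOWED_COLUMNS:
        raise ValueError(f"unknown column: {name!r}")
    return name


def _value(node):
    """Accept only plain literals as bound values."""
    if node is None or isinstance(node, (str, int, float)):
        return node
    raise ValueError(f"unsupported literal: {node!r}")


def to_where(node):
    """Recursively build (sql_with_placeholders, params) from a jsonLogic node."""
    if not isinstance(node, dict) or len(node) != 1:
        raise ValueError(f"malformed jsonLogic node: {node!r}")
    op, args = next(iter(node.items()))

    if op in ("and", "or"):
        parts, params = [], []
        for child in args:
            sql, child_params = to_where(child)
            parts.append(sql)
            params.extend(child_params)
        return "(" + f" {op.upper()} ".join(parts) + ")", params

    if op == "!":
        sql, params = to_where(args[0] if isinstance(args, list) else args)
        return f"(NOT {sql})", params

    if op in COMPARISONS:
        left, right = args
        return f"{_field(left)} {COMPARISONS[op]} ?", [_value(right)]

    if op == "in":
        left, right = args
        if not isinstance(right, list) or not right:
            raise ValueError("'in' needs a non-empty list of literals")
        placeholders = ", ".join("?" for _ in right)
        return f"{_field(left)} IN ({placeholders})", [_value(v) for v in right]

    raise ValueError(f"unsupported operator: {op!r}")


def demo_connection():
    """Constructed in-memory database with a few sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE people (first_name TEXT, last_name TEXT, age INTEGER, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO people VALUES (?, ?, ?, ?)",
        [
            ("Steve", "Vai", 63, "steve@example.com"),
            ("Ada", "Lovelace", 36, "ada@example.com"),
            ("Bob", "O'Neil", 45, "bob@example.com"),  # apostrophe needs no escaping
        ],
    )
    return conn


def run_rule(rule, conn):
    """Compile the rule and execute it; the driver binds the collected params."""
    where, params = to_where(rule)
    cur = conn.execute(
        f"SELECT first_name, age FROM people WHERE {where} ORDER BY rowid", params
    )
    return cur.fetchall()


if __name__ == "__main__":
    rule = {"and": [{">": [{"var": "age"}, 40]}, {"!=": [{"var": "last_name"}, "Vai"]}]}
    print(to_where(rule))
    print(run_rule(rule, demo_connection()))
```

Two points the code makes concrete: a value such as `x' OR '1'='1` supplied through the rule is bound as an ordinary string and simply fails to match, and a rule whose `var` names a column outside the allowlist is rejected before any SQL is built, since that is the one part of the statement a placeholder cannot protect.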
I would be interested in something like that. @jmburdette, did you find anything?
I ended up using Python's pyparsing library to split apart the SQL into tokens. Using the db client's SQL string composition helpers I reassembled the SQL into a sanitized string the db could execute safely.