What was unclear or otherwise insufficient?
Unclear whether updating an entity with the query builder provides sufficient sanitization / escaping.
Example:
```typescript
await theDataSource.getRepository(UserEntity)
    .createQueryBuilder()
    .update(UserEntity)
    .set({
        firstName: accountData.firstName,
        lastName: accountData.lastName,
        phone: accountData.phone,
        address: accountData.address,
        city: accountData.city,
        postalNumber: accountData.postalNumber,
        country: accountData.country
    })
    // @ts-ignore
    .where("id = :id", {id: userId})
    .execute();
```
My question: Will the values inside the `set` function be sanitized to prevent SQL injection?
Recommended Fix
Provide better documentation.
Additional Context
No response
Are you willing to resolve this issue by submitting a Pull Request?
No, I don’t have the time and I’m okay to wait for the community / maintainers to resolve this issue.
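One way to check this for a given TypeORM version and driver, as an added example that is not part of the original issue or of TypeORM's code: build the same update with canary values, call `getQueryAndParameters()` instead of `execute()`, and confirm each canary appears only in the parameter array. The helper names and both sample `[sql, parameters]` pairs are constructed for illustration.

```typescript
// Added example: inspects the [sql, parameters] pair returned by
// QueryBuilder.getQueryAndParameters(). Helper names are hypothetical.
type BuiltQuery = [string, unknown[]];

interface BindingReport {
  leakedIntoSql: string[];     // canaries found verbatim in the SQL text
  missingFromParams: string[]; // canaries that never reached the parameter array
}

// A canary carries quote and comment characters so that escaping or
// concatenation would change or expose it.
function makeCanary(field: string): string {
  return `${field}'--canary"`;
}

// A value is bound only if it is absent from the SQL text AND present,
// unchanged, in the parameter array. Checking both sides also catches
// values that were escaped and inlined rather than bound.
function checkBinding(built: BuiltQuery, canaries: string[]): BindingReport {
  const [sql, parameters] = built;
  const bound = new Set(parameters.filter((p): p is string => typeof p === "string"));
  return {
    leakedIntoSql: canaries.filter((c) => sql.includes(c)),
    missingFromParams: canaries.filter((c) => !bound.has(c)),
  };
}

function isFullyBound(report: BindingReport): boolean {
  return report.leakedIntoSql.length === 0 && report.missingFromParams.length === 0;
}

const canaries = ["firstName", "lastName"].map(makeCanary);

// Constructed sample: plain values passed to .set(), Postgres-style placeholders.
const boundQuery: BuiltQuery = [
  'UPDATE "user_entity" SET "firstName" = $1, "lastName" = $2 WHERE id = $3',
  [canaries[0], canaries[1], 42],
];

// Constructed sample: one value spliced into the SQL text as a raw fragment
// (in TypeORM, a function passed to .set() is emitted as raw SQL).
const splicedQuery: BuiltQuery = [
  `UPDATE "user_entity" SET "firstName" = '${canaries[0]}', "lastName" = $1 WHERE id = $2`,
  [canaries[1], 42],
];

console.log(checkBinding(boundQuery, canaries), checkBinding(splicedQuery, canaries));
```

In a real test, replace the constructed pairs with the result of calling `.getQueryAndParameters()` on the builder chain in place of `.execute()`.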