I believe Kysely should escape string literals by default, or at least provide an option to handle this. I brought this up before, and escaping was added to identifiers, but I don't believe it was applied to literals.
As a clarification to anyone reading this, Kysely sends all user input as parameters and there is no chance of SQL injection. Parameters are never concatenated to the SQL.
This issue is about the explicit sql.lit function that allows you to concatenate string values to SQL.
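The difference between the two paths discussed in this thread, as an added example that is not part of the original issue and is not Kysely's code. All function names are hypothetical, the `$1` placeholder style is assumed to be PostgreSQL's, and the sample value is constructed.

```javascript
// Added illustration, not Kysely source. All function names are hypothetical.

// Parameterized path: the value never enters the SQL text. The driver sends
// it separately, so a quote inside the value cannot change the statement.
function compileWithParams(value) {
  return {
    sql: 'select * from person where last_name = $1',
    parameters: [value],
  };
}

// Literal path without escaping: the value is pasted between quotes as-is.
function inlineLiteralUnescaped(value) {
  return `'${value}'`;
}

// Literal path with standard SQL escaping: double every single quote.
// Assumption: the server treats backslash as an ordinary character
// (e.g. PostgreSQL with standard_conforming_strings = on). MySQL without
// NO_BACKSLASH_ESCAPES would also need backslashes escaped.
function inlineLiteralEscaped(value) {
  if (typeof value !== 'string') throw new TypeError('expected a string');
  if (value.includes('\0')) throw new RangeError('NUL byte not allowed in literal');
  return `'${value.replace(/'/g, "''")}'`;
}

// True when the fragment is exactly one quoted literal: it starts and ends
// with a quote and every quote in between is part of a doubled pair.
function isSingleLiteral(fragment) {
  if (fragment.length < 2) return false;
  if (fragment[0] !== "'" || fragment[fragment.length - 1] !== "'") return false;
  const inner = fragment.slice(1, -1).replace(/''/g, '');
  return !inner.includes("'");
}

const sample = "O'Brien"; // constructed input with an embedded quote

console.log(compileWithParams(sample));
console.log(inlineLiteralUnescaped(sample), isSingleLiteral(inlineLiteralUnescaped(sample)));
console.log(inlineLiteralEscaped(sample), isSingleLiteral(inlineLiteralEscaped(sample)));
```
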