Swift: Add a note about escaping as an alternative way to fix these issues.

This commit is contained in:
Geoffrey White
2024-07-30 23:37:26 +01:00
parent 2fd4b57d74
commit 2ed2a76866


@@ -12,7 +12,7 @@ If a database query (such as a SQL query) is built from user-provided data witho
<recommendation>
<p>
Most database connector libraries offer a way to safely embed untrusted data into a query using query parameters or prepared statements. You should use these features to build queries, rather than string concatenation or similar methods without sufficient sanitization.
Most database connector libraries offer a way to safely embed untrusted data into a query using query parameters or prepared statements. You should use these features to build queries, rather than string concatenation or similar methods. It's also possible to escape (sanitize) user-controlled strings so that they can be included directly in an SQL command, but this approach is only safe if the chosen escaping function is robust.
</p>
</recommendation>
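Review bot: the added final sentence of the replacement line leaves "robust" undefined, so a reader cannot tell which escaping functions qualify or when escaping is an acceptable substitute for the parameters and prepared statements the first sentence recommends. Consider stating that parameters remain the preferred fix and that, where escaping is used, it should be the escaping routine provided by the database library for the target database, e.g. "... but this approach is only safe if the chosen escaping function is robust, such as one provided by the database library itself; prefer query parameters wherever the library supports them."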