// Test fixture for SQL-injection detection: the same lookup is issued once as
// a parameterised query and once as a string-concatenated query, both fed by
// an Express route parameter.
const express = require('express');
const sql = require('mssql');

const app = express();

/**
 * Handler for GET /post/:id. Runs the lookup in both query styles; neither
 * result is awaited and nothing is written to `res`.
 *
 * @param {object} req - Express request; `req.params.id` is caller-controlled.
 * @param {object} res - Express response (unused here).
 */
async function handlePost(req, res) {
  // Tagged-template form: the tag function receives the SQL text and the
  // interpolated value separately, and mssql binds the value as a query
  // parameter, so it is never parsed as SQL.
  // OK
  sql.query`select * from mytable where id = ${req.params.id}`;

  // Concatenation: the route parameter becomes part of the statement text.
  // The surrounding quotes give no protection, because the value can carry a
  // quote of its own. Production code should bind it instead, for example
  // `.input('id', req.params.id)` together with `where id = @id`.
  // NOT OK
  new sql.Request().query("select * from mytable where id = '" + req.params.id + "'");
}

app.get('/post/:id', handlePost);

// Directive read by the CodeQL test extractor; keep it verbatim.
// semmle-extractor-options: --experimental