This repository has been archived by the owner on Feb 28, 2022. It is now read-only.

Fix SQL Query Parameterization #21

Open
mark-monteiro opened this issue Dec 17, 2019 · 0 comments

There are several SQL queries using un-escaped string concatenation to specify parameters instead of the standard parameter bindings. The risk/consequences of injection seem fairly minimal for this plugin, but these queries should still be updated.

A non-exhaustive list of offending queries:
