-
Is this similar to #3213?
-
You should not be interpolating SQL queries in the first place.
-
I'm wanting to use an SQL injection in Python, but can't wrap my head around how to deal with f-string interpolation.
I've seen lots of examples that scan for a long list of SQL keywords, but that does not seem efficient, so I have the injection hook onto the `/*SQL*/` comment tag at the beginning of the string. This is minimal, and also makes it an optional feature.
Currently using:
Works great for normal strings, but breaks in f-strings at the first interpolation variable. How do I set it so that the f-string interpolation variables act as wildcards for SQL parsing, in a way that it sees the entire query as a single SQL query (not multiple queries separated by interpolation variables) without also joining together separate f-strings into a single query?
So the following:
I want to be able to have the syntax highlighting work across the complete f-string, so that treesitter sees this as 2 separate SQL queries, foo and bar.
Does treesitter even support handling this type of templating interrupting an injection?