Saturday 9 April 2016

Does the "pg" module prevent SQL injection?

Hey guys, I am using the "pg" module to interact with PostgreSQL. I am wondering if using this module properly (with prepared statements) completely eliminates the chance of an SQL injection occurring. I have recently read this post: http://ift.tt/1MmJLZy (not sure what db module they were using) so I'm scared that my sites are prone to SQL injection. All my SQL statements are prepared statements, e.g.: INSERT INTO items(text, complete) values($1, $2), but I'm still worried if there is any chance of an SQL injection (or any other type of vulnerability). Any help would be greatly appreciated.

Submitted April 10, 2016 at 01:34AM by mre12345
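
The distinction the question turns on, as an added example that is not part of the original post: the same INSERT built by string concatenation and with `$1, $2` placeholders, plus the one place placeholders cannot help (identifiers such as an ORDER BY column). The function names, the `SORTABLE` list and the recording stub are hypothetical; the stub stands in for a pg client's `query(text, values)` so the block runs without a database.

```javascript
// Added example, not from the original post. `client` is anything exposing
// pg's client.query(text, values); a recording stub replaces the live
// connection here so the block runs offline.
const SORTABLE = new Set(['text', 'complete']); // assumed columns of `items`

// Unsafe: user input becomes part of the SQL text itself.
function insertConcat(client, text, complete) {
  return client.query(
    "INSERT INTO items(text, complete) VALUES('" + text + "', " + complete + ")");
}

// Safe for values: the SQL text is constant, input is passed separately.
function insertParam(client, text, complete) {
  return client.query(
    'INSERT INTO items(text, complete) VALUES($1, $2)', [text, complete]);
}

// Placeholders bind values only. An identifier (here the sort column)
// cannot be sent as $n, so it is checked against an allow-list instead.
function listItems(client, sortBy, complete) {
  if (!SORTABLE.has(sortBy)) throw new Error('unsupported sort column');
  return client.query(
    `SELECT text, complete FROM items WHERE complete = $1 ORDER BY ${sortBy}`,
    [complete]);
}

// Recording stub (constructed for this example).
function makeStubClient() {
  const calls = [];
  return {
    calls,
    query(text, values = []) {
      calls.push({ text, values });
      return Promise.resolve({ rows: [] });
    },
  };
}

const hostile = "x', true); DELETE FROM items; --"; // constructed sample input
const stub = makeStubClient();
insertConcat(stub, hostile, false);
insertParam(stub, hostile, false);
console.log(stub.calls[0].text);                       // input rewrote the statement
console.log(stub.calls[1].text, stub.calls[1].values); // statement text unchanged
```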
