Comments (7)
We could just change special characters to entities before they go into the database and then convert them back when we retrieve them
from deno-drash-realworld-example-app.
Do you have an idea of how this would be implemented? I'm used to using PDO or having the framework used do this, but not manually
Course, nice one, I was thinking of the whole query, which is where I was going wrong
So I guess the end result would be:
- All CRUD methods would call a new `escapeQueryData` method (or whatever name is best) before calling `this.prepare`
- SELECT method would call a `unescapeDBResult` (or whatever name is best) to unescape the data at the end of the method, before returning it
Asked in pgc4d and deno-postgres to see if they currently have sanitisation implemented, or any plans to. Mainly because it would save us a job of doing it manually.
Note that there is another postgres module mentioned, but by no means am I suggesting it, just trying to get as much info as possible
Author of pgc4d replied here, and they do encode queries when used with placeholders
Seems like deno-postgres does: `await client.query("SELECT * FROM ids WHERE id < $1;", 2)`. Worth checking as hadn't had any confirmation from the owner
Postgres currently doesn't, but they do parameterise queries so it means we can strip out logic we have added to do that
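The outcome the thread arrives at, as an added example that is not code from the project or from any of the drivers mentioned: CRUD helpers that emit `$1`-style placeholders (the form used in the `client.query` call quoted above) and keep values in a separate argument list, so neither an escape step nor an unescape step is needed. The helper names, the `Query` shape and the `articles` schema are assumptions made for illustration.

```typescript
// Added illustration; all names here are hypothetical, not from the project.
type Query = { text: string; args: unknown[] };

// Identifiers (table/column names) cannot be sent as placeholders, so they
// are checked against an allowlist rather than escaped.
const ALLOWED = new Map<string, string[]>([
  ["articles", ["id", "title", "body", "author_id"]], // constructed schema
]);

function checkIdent(table: string, columns: string[]): void {
  const known = ALLOWED.get(table);
  if (!known) throw new Error(`unknown table: ${table}`);
  for (const c of columns) {
    if (known.indexOf(c) === -1) throw new Error(`unknown column: ${c}`);
  }
}

// Builds INSERT text with $1..$n; the values travel separately in args.
function buildInsert(table: string, row: Record<string, unknown>): Query {
  const columns = Object.keys(row);
  if (columns.length === 0) throw new Error("empty row");
  checkIdent(table, columns);
  const slots = columns.map((_, i) => `$${i + 1}`).join(", ");
  return {
    text: `INSERT INTO ${table} (${columns.join(", ")}) VALUES (${slots});`,
    args: columns.map((c) => row[c]),
  };
}

// Builds SELECT ... WHERE col = $1 AND ...; rows come back exactly as
// stored because nothing was rewritten on the way in.
function buildSelectWhere(table: string, where: Record<string, unknown>): Query {
  const columns = Object.keys(where);
  checkIdent(table, columns);
  const cond = columns.map((c, i) => `${c} = $${i + 1}`).join(" AND ");
  return {
    text: `SELECT * FROM ${table}${cond ? ` WHERE ${cond}` : ""};`,
    args: columns.map((c) => where[c]),
  };
}

// Constructed hostile input: it stays a value and never enters the SQL text.
const hostile = "x'); DROP TABLE articles; --";
const q = buildInsert("articles", { title: hostile, author_id: 7 });
console.log(q.text, q.args);
```

The `text` and `args` pair is what would be handed to the driver's query call; the allowlist covers the one part of a statement that placeholders cannot.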