You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: swift/ql/src/queries/Security/CWE-089/SqlInjection.qhelp
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ If a database query (such as a SQL query) is built from user-provided data witho
12
12
<recommendation>
13
13
14
14
<p>
15
-
Most database connector libraries offer a way to safely embed untrusted data into a query using query parameters or prepared statements. You should use these features to build queries, rather than string concatenation or similar methods without sufficient sanitization.
15
+
Most database connector libraries offer a way to safely embed untrusted data into a query using query parameters or prepared statements. You should use these features to build queries, rather than string concatenation or similar methods. It's also possible to escape (sanitize) user-controlled strings so that they can be included directly in an SQL command, but this approach is only safe if the chosen escaping function is robust.
0 commit comments