return db.query(`SELECT * FROM user_input WHERE category LIKE '${filter}'`).then(result => result.rows);
Interpolating values into a SQL string like this is super dangerous. Since the value comes from a request to POST / I could use Postman or Curl to send a request to this endpoint with a POST body of "1=1'; DROP TABLE USERS;" to run my own SQL on your production DB.
week5-cjhk/source/model.js
Line 4 in c41e131
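As an added example (not code from the week5-cjhk repository), the string-built query flagged above beside a parameterised replacement in node-postgres' `{ text, values }` shape; it assumes `db` is a pg Pool/Client, stubbed here so the example runs without a database, and `filter` is the value taken from the POST / body.

```javascript
// Added example, not code from the week5-cjhk repository. `db` is a constructed stub
// standing in for a node-postgres Pool/Client (assumption) that records what would be
// sent to PostgreSQL; `filter` is the value taken from the POST / request body.

// Vulnerable: the request value becomes part of the SQL text, so a quote in it ends
// the string literal and everything after it is parsed as SQL.
function buildUnsafe(filter) {
  return `SELECT * FROM user_input WHERE category LIKE '${filter}'`;
}

// Fixed: the SQL text is a constant and the value is sent as bind parameter $1, which
// the server only ever treats as data, whatever characters it contains. (Because the
// column is matched with LIKE, % and _ in the value still act as wildcards; that is a
// matching concern, not an injection.)
function buildSafe(filter) {
  return {
    text: 'SELECT * FROM user_input WHERE category LIKE $1',
    values: [String(filter)],
  };
}

// Stub for the pg client: accepts either a SQL string or a { text, values } object,
// records it, and resolves with no rows.
function makeDb() {
  const calls = [];
  return {
    calls,
    query(q, values) {
      calls.push(typeof q === 'string' ? { text: q, values } : q);
      return Promise.resolve({ rows: [] });
    },
  };
}

// The model function as written in the issue, and its parameterised counterpart.
function byCategoryUnsafe(db, filter) {
  return db.query(buildUnsafe(filter)).then(result => result.rows);
}

function byCategorySafe(db, filter) {
  return db.query(buildSafe(filter)).then(result => result.rows);
}

// The request body quoted in the issue, used here as constructed sample input.
const ISSUE_PAYLOAD = "1=1'; DROP TABLE USERS;";
```

With the stub you can inspect `db.calls[0]` after each call: the unsafe form sends the payload inside the SQL text, the safe form sends constant SQL plus a separate `values` array.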