stor insert does not escape single quotes #12764
Not surprised. We'd accept a PR to fix this. Thanks.
I think I can take a quick look at this one
fdncred pushed a commit that referenced this issue May 14, 2024
- fixes #12764 Replaced the custom logic with values_to_sql method that is already used in crate::database. This will ensure that handling of parameters is the same between sqlite and stor.
FilipAndersson245 pushed a commit to FilipAndersson245/nushell that referenced this issue May 18, 2024
- fixes nushell#12764 Replaced the custom logic with values_to_sql method that is already used in crate::database. This will ensure that handling of parameters is the same between sqlite and stor.
Describe the bug
When using stor insert to add a row, it will not escape any strings that contain single quotes.
How to reproduce
Expected behavior
I'd expect strings to be properly escaped so that pipelines don't accidentally cause SQL injection bugs.
Screenshots
No response
Configuration
Additional context
You can currently work around this by feeding any input strings through
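The failure mode reported in this issue and the direction of the fix (passing values as SQL parameters rather than pasting them into the statement), as an added example that is not part of the original issue and is not nushell's code. It uses Python's standard sqlite3 module against an in-memory database; the function names, the table and the sample row are constructed for illustration.

```python
import sqlite3

# Constructed sample row: benign values that happen to contain single quotes.
SAMPLE_ROW = {"name": "O'Brien", "note": "it's fine"}


def quote_ident(name):
    """Quote a table/column name; identifiers cannot be bound as parameters."""
    return '"' + name.replace('"', '""') + '"'


def insert_interpolated(conn, table, row):
    """Hypothetical 'before': each value is pasted between single quotes."""
    cols = ", ".join(quote_ident(c) for c in row)
    vals = ", ".join("'{}'".format(v) for v in row.values())
    conn.execute(
        "INSERT INTO {} ({}) VALUES ({})".format(quote_ident(table), cols, vals)
    )


def insert_bound(conn, table, row):
    """Hypothetical 'after': values are bound, so SQLite never parses them."""
    cols = ", ".join(quote_ident(c) for c in row)
    marks = ", ".join("?" for _ in row)
    conn.execute(
        "INSERT INTO {} ({}) VALUES ({})".format(quote_ident(table), cols, marks),
        tuple(row.values()),
    )


def demo():
    """Run both inserts; return the interpolated error name and stored rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "people" ("name" TEXT, "note" TEXT)')
    try:
        insert_interpolated(conn, "people", SAMPLE_ROW)
        interpolated_error = None
    except sqlite3.Error as exc:
        # The quote inside the value ends the SQL string literal early.
        interpolated_error = type(exc).__name__
    insert_bound(conn, "people", SAMPLE_ROW)
    rows = conn.execute('SELECT "name", "note" FROM "people"').fetchall()
    conn.close()
    return interpolated_error, rows


if __name__ == "__main__":
    print(demo())
```

The interpolated insert fails because the value's content is parsed as SQL text, while the bound insert stores the same strings unchanged.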