pinopinopino on Dec 12, 2019 | on: Using Clojure for Web Apps
But this looks like a SQL injection waiting to happen:
    (defn inc! [id] (kc/exec-raw (format "UPDATE articles SET count = count + 1 WHERE id = %s" id)))
(From https://github.com/tbsschroeder/clojure-webshop-app/blob/mas... ) You don't need format, it seems:
https://github.com/korma/Korma/blob/master/src/korma/core.cl...
jb1991 on Dec 13, 2019
Sanitizing SQL queries is just as simple in Clojure as in any other language (maybe more so), even if it wasn't done in this example.
pinopinopino on Dec 21, 2019
It looks like it is built-in even in the library he uses. So not sure why he chooses format.
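To make concrete what both comments above are pointing at, here is an added example (not code from the linked repo or from the Korma project) showing the `format`-built statement beside the two parameterised forms Korma already offers. It assumes `kc` is an alias for `korma.core` and that `articles` is a Korma entity with an `id` and a `count` column; `inc-unsafe!` is a hypothetical name for the quoted function.

```clojure
(ns example.articles
  (:require [korma.core :as kc]))

;; Assumed entity: a table `articles` with columns `id` and `count`.
(kc/defentity articles)

;; Vulnerable form, as quoted from the thread: `id` is spliced into the SQL
;; text by `format`, so any attacker-controlled value that contains SQL
;; becomes part of the statement instead of being treated as a value.
(defn inc-unsafe! [id]
  (kc/exec-raw (format "UPDATE articles SET count = count + 1 WHERE id = %s" id)))

;; Fix 1: exec-raw accepts a [sql params] vector. The `?` is bound as a
;; JDBC parameter, so the driver never interprets `id` as SQL.
(defn inc-raw! [id]
  (kc/exec-raw ["UPDATE articles SET count = count + 1 WHERE id = ?" [id]]))

;; Fix 2: the Korma DSL builds the statement and binds the where value
;; itself. Only the fixed expression `count + 1` goes through `raw`; no
;; caller-supplied data is ever concatenated into the query string.
(defn inc-dsl! [id]
  (kc/update articles
    (kc/set-fields {:count (kc/raw "count + 1")})
    (kc/where {:id id})))

;; Defensive coercion: if `id` arrives as a string (e.g. a route parameter),
;; turn it into a number before it reaches the query. A non-numeric input
;; fails here with NumberFormatException rather than reaching the database.
(defn parse-id [s]
  (Long/parseLong (str s)))

(defn inc-article! [raw-id]
  (inc-dsl! (parse-id raw-id)))

;; To inspect the generated SQL without a database connection, wrap a call
;; in kc/sql-only, e.g. (kc/sql-only (inc-dsl! 42)); the id appears as a
;; `?` placeholder, not as a literal in the statement text.
```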