Hello, as I used only ORMs until now, I wasn't afraid of SQL injections, but now I found this perfect library and want to build a stack around it. My question is: when I receive a parameter, userID for example, in the body of a request (let's say echo), do I need to somehow sanitize it before I put it here instead of the number 12? Or can I just put the variable there and it will be safe?
Answered by
houten11
Dec 4, 2023
Answer selected by
draew6
Yeah, it is safe to just put a variable. Jet will create a parametrized query for you.
You can see a query and parameters with stmt.Sql().
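What "parametrized" means for the userID case asked about here, as an added example that is not part of the original discussion and is not Jet's code. It uses only the standard library; `selectBuilder`, `UserByID`, `UserByIDConcat`, `ParseUserID` and the `users` table are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// selectBuilder is a hypothetical stand-in for a builder that binds values
// as parameters. It is not Jet's implementation.
type selectBuilder struct {
	sql  strings.Builder
	args []interface{}
}

// bind writes a PostgreSQL-style placeholder and keeps the value out of the SQL text.
func (b *selectBuilder) bind(v interface{}) {
	b.args = append(b.args, v)
	b.sql.WriteString("$" + strconv.Itoa(len(b.args)))
}

// UserByID returns the statement text and its arguments separately, the same
// two things the answer says stmt.Sql() lets you inspect.
func UserByID(userID interface{}) (string, []interface{}) {
	b := &selectBuilder{}
	b.sql.WriteString("SELECT id, name FROM users WHERE id = ")
	b.bind(userID)
	return b.sql.String(), b.args
}

// UserByIDConcat is the string-concatenation pattern that parameters replace:
// the request value becomes part of the SQL text itself.
func UserByIDConcat(userID string) string {
	return "SELECT id, name FROM users WHERE id = " + userID
}

// ParseUserID converts the raw request field to int64; non-numeric input is
// rejected here, before any query is built.
func ParseUserID(raw string) (int64, error) {
	return strconv.ParseInt(raw, 10, 64)
}

func main() {
	raw := "12 OR 1=1" // constructed request value
	q, args := UserByID(raw)
	fmt.Printf("parameterized: %q args=%q\n", q, args)
	fmt.Printf("concatenated:  %q\n", UserByIDConcat(raw))
	_, err := ParseUserID(raw)
	fmt.Println("typed parse error:", err)
}
```

In the parameterized form the statement text is identical for every input and the database receives the value only as data; parsing the field to an integer first additionally rejects input that is not an ID at all.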