InfluxDB.Client.Net

Protecting against SQL Injection Attacks

Open dbarentine opened this issue 6 years ago • 1 comments

If I create a query like:

    await client.QueryMultiSeriesAsync ("_internal", "select field from measurement where something");

If "something" is generated from user input, is there something in the library that can parameterize that input to guard against SQL injection attacks?

I would want something like:

    query = "select field from measurement where {something}";
    params = { "something", "value" };
    await client.QueryMultiSeriesAsync ("_internal", query, params);

And QueryMultiSeriesAsync would automatically scrub/escape params to guard against SQL injection. Also see: InfluxDB Python Bind Parameters

dbarentine avatar Dec 12 '19 16:12 dbarentine

TODO: 2.0

mvadu avatar Dec 28 '19 17:12 mvadu
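
An added example, not part of the issue thread and not InfluxDB.Client.Net code: the InfluxDB 1.x HTTP `/query` endpoint accepts a `params` JSON object whose values the server binds to `$name` placeholders, which is the mechanism behind the Python client's bind parameters. The class name, the `host` tag, the server address and the `--send` switch are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

static class BoundInfluxQuery   // hypothetical helper, not a library type
{
    // Builds a GET /query URL. User-supplied values go into "params" as JSON and the
    // InfluxQL text only references them as $name, so they are never parsed as syntax.
    public static Uri Build(Uri server, string db, string influxQl,
                            Dictionary<string, object> values)
    {
        foreach (var name in values.Keys)
        {
            // Placeholder names are fixed by the developer; reject anything unusual.
            if (!Regex.IsMatch(name, "^[A-Za-z_][A-Za-z0-9_]*$"))
                throw new ArgumentException("invalid parameter name: " + name);
            if (!Regex.IsMatch(influxQl, @"\$" + name + @"\b"))
                throw new ArgumentException("query has no placeholder $" + name);
        }
        string json = JsonSerializer.Serialize(values);
        return new Uri(server, "/query?db=" + Uri.EscapeDataString(db)
            + "&q=" + Uri.EscapeDataString(influxQl)
            + "&params=" + Uri.EscapeDataString(json));
    }

    static async Task Main(string[] args)
    {
        string userInput = "x' OR 'a'='a";   // constructed hostile input
        Uri url = Build(new Uri("http://localhost:8086"), "_internal",
            "SELECT \"field\" FROM \"measurement\" WHERE \"host\" = $host",
            new Dictionary<string, object> { ["host"] = userInput });

        // The q= text is unchanged by the input; the value appears only inside params=.
        Console.WriteLine(Uri.UnescapeDataString(url.Query));

        if (args.Length > 0 && args[0] == "--send")   // needs a reachable InfluxDB 1.x
        {
            using var http = new HttpClient();
            Console.WriteLine(await http.GetStringAsync(url));
        }
    }
}
```

Bind parameters cover only tag and field values in the `WHERE` clause. Measurement and field names cannot be bound, so compare those against a fixed allowlist before placing them in the query text.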