open-vault

History

Lauren Voswinkel 4d98430964 Use parameters when executing prepared statements rather than fmt.Sprintf (#9013 ) * Don't use string formatting to prepare queries. We should, when possible, use the built-in params and ? format when preparing and executing a query. This is done to prevent SQL Injection attacks. * Revert some changes due to failing tests, update mssql go driver * Add docker container startup for some MSSQL tests * Remove acceptance test flagging, add more SQL injection protection * Refactor MSSQL prepareTestContainer to a test helper Also, remove all ? references and convert them to @p*	2020-05-21 16:07:18 -07:00
..
mssqlhelper.go	Use parameters when executing prepared statements rather than fmt.Sprintf (#9013 )	2020-05-21 16:07:18 -07:00

Use parameters when executing prepared statements rather than fmt.Sprintf (#9013 )

* Don't use string formatting to prepare queries.

We should, when possible, use the built-in params and ? format when
preparing and executing a query. This is done to prevent SQL Injection
attacks.

* Revert some changes due to failing tests, update mssql go driver

* Add docker container startup for some MSSQL tests

* Remove acceptance test flagging, add more SQL injection protection

* Refactor MSSQL prepareTestContainer to a test helper

Also, remove all ? references and convert them to @p*

2020-05-21 16:07:18 -07:00

mssqlhelper.go

Use parameters when executing prepared statements rather than fmt.Sprintf (#9013 )

2020-05-21 16:07:18 -07:00