## Investigate "Incomplete string escaping or encoding" Code QL error

Question

Closed this issue 2 years ago · 0 comments

Generally speaking, I think this is not really an error we need to concern ourselves with. The two major concerns are:

This will only trigger on first instances of the given character (given the notation, we expect only one instance of this character)
this could be used for SQL injection (more concerning, but I do not know if that makes it an actual concern, given that this is largely a back-end utility.)

Original error below.

Incomplete string escaping or encoding

This replaces only the first occurrence of '>'.

Originally posted by @github-code-scanning[bot] in #258 (comment)