influxdata/influxdb-php

Parameter sanitisation

dmitry84 opened this issue · 0 comments

Hi,
I cannot find in the docs or the code any info about parameter sanitization before executing the query.

I see that there is a requirement to wrap parameters in single quotes, but I'm not sure whether this is sufficient to prevent SQL injection.

The Influx documentation suggests supplying parameters like this:
curl -G 'http://localhost:8086/query?db=mydb' --data-urlencode 'q=SELECT * FROM "mymeas" WHERE "myfield" > $field_value' --data-urlencode 'params={"field_value":30}'

I see that in the code you are using "http_build_query" to build the request query, and then setParameters, but I cannot find any sanitization code.

Could you explain in the docs whether this is taken care of, or explain how we should supply parameters to the query?

Thank you in advance.
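The curl command quoted in the issue sends the InfluxQL text in `q` and the values in a separate `params` JSON object, so the server binds the values itself and they never become part of the query text. The following is an added example, not code from the influxdb-php project, showing how a PHP client can build that same /query request with http_build_query; the helper names (buildQueryString, unsafeQuery) and the localhost URL are assumptions for illustration.

```php
<?php
// Added example (not part of influxdb-php): build the InfluxDB 1.x /query URL the
// way the curl command in the issue does, passing bind parameters in the separate
// `params` JSON object instead of splicing values into the InfluxQL text.
// buildQueryString and unsafeQuery are hypothetical helper names for this example.

declare(strict_types=1);

/**
 * Build the request URL for the InfluxDB 1.x /query endpoint.
 * $q holds the InfluxQL with $name placeholders; $params holds the values.
 * Only scalar values are accepted, so a value can never be parsed as InfluxQL.
 */
function buildQueryString(string $base, string $db, string $q, array $params): string
{
    foreach ($params as $name => $value) {
        // Placeholder names must be plain identifiers; reject anything else early.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $name)) {
            throw new InvalidArgumentException("Invalid bind parameter name: $name");
        }
        if (!is_scalar($value) && $value !== null) {
            throw new InvalidArgumentException("Bind parameter $name must be scalar");
        }
    }

    $query = [
        'db'     => $db,
        'q'      => $q,
        // JSON object, percent-encoded by http_build_query exactly as
        // --data-urlencode does in the curl example.
        'params' => json_encode((object) $params, JSON_THROW_ON_ERROR),
    ];

    return $base . '/query?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
}

/**
 * Contrast: interpolating the value directly into the query text. An innocent
 * value such as O'Brien already unbalances the quoting, which is the same
 * structural weakness that injection relies on. Shown only to motivate binding.
 */
function unsafeQuery(string $host): string
{
    return "SELECT * FROM \"mymeas\" WHERE \"host\" = '$host'";
}

// Constructed sample input: a numeric threshold and a string containing a quote.
$url = buildQueryString(
    'http://localhost:8086',   // assumed local InfluxDB, as in the issue's curl command
    'mydb',
    'SELECT * FROM "mymeas" WHERE "myfield" > $field_value AND "host" = $host',
    ['field_value' => 30, 'host' => "O'Brien"]
);
echo $url, PHP_EOL;
// The server receives q and params as separate fields, so O'Brien is bound as a
// string value and cannot alter the query's structure.

echo unsafeQuery("O'Brien"), PHP_EOL;
// Unbalanced quote: the query text itself is now malformed.
```

Two caveats a reviewer would add: the `params` object can only bind values (the right-hand side of WHERE comparisons), not identifiers, so a measurement or field name that comes from user input still has to be checked against an allowlist in PHP before it is placed in `q`; and binding only helps if the query text passed to the client is a fixed template, so any code path that concatenates user input into `q` before calling the client defeats it.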