Fix SQL Query Parameterization
mark-monteiro opened this issue · 0 comments
mark-monteiro commented
There are several SQL queries using un-escaped string concatenation to specify parameters instead of the standard parameter bindings. The risk/consequences of injection seem fairly minimal for this plugin, but these queries should still be updated.
A non-exhaustive list of offending queries: