Description
Existing documentation URL(s)
- https://developers.cloudflare.com/d1/get-started/
- https://developers.cloudflare.com/d1/best-practices/import-export-data/
What changes are you suggesting?
I am following https://developers.cloudflare.com/d1/get-started/#4-run-a-query-against-your-d1-database and I want to adapt it to actual data.
Which steps should I take to avoid SQL injection? The docs mention SQL injection in a different context (in the Worker itself).
Maybe the docs should also mention SQL injection in the context of the initial loading of data?
https://developers.cloudflare.com/d1/get-started/ and https://developers.cloudflare.com/d1/best-practices/import-export-data/ suggest running a bunch of INSERT INTO statements
from a prepared SQL file.
I guess that the sole proper way of doing this is to have or create a local database (say SQLite), fill it with prepared statements, then dump it with
https://developers.cloudflare.com/d1/best-practices/import-export-data/#import-an-existing-database
And if you have data in, say, CSV or something similar, then generating a .sql file directly is dangerous and asking for SQL injection,
and naive solutions such as escaping specific characters are not enough?
Though tiny test datasets can be crafted manually, like the one in the get-started tutorial.
(If a developer following the tutorial is supposed to know about it, what else should they know? I was aware of this one, but it is hard to know that you are unaware of something important.)
Additional information
No response
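The workflow the issue describes (load a CSV into a local SQLite database with bound parameters, then dump that database to a .sql file for import) as an added, self-contained example. This is not code from the Cloudflare docs or the D1 project; the `customers` table, the CSV rows and the decision to drop the `BEGIN TRANSACTION;`/`COMMIT;` lines from the dump are my own assumptions. The point it demonstrates is that values never get spliced into SQL text by hand: the driver binds them at insert time, and SQLite itself produces the quoted literals in the dump.

```python
"""Load CSV rows into a local SQLite database with parameterized INSERTs, then
emit SQL text equivalent to `sqlite3 db.sqlite3 .dump` for import into D1."""
import csv
import io
import sqlite3

# Constructed sample input (not from the docs). The second row carries a single
# quote and a semicolon: characters that break a naively built INSERT string
# but are harmless when the value is bound as a parameter.
SAMPLE_CSV = """id,name,email
1,Alice,alice@example.com
2,"O'Brien; Bob",bob@example.com
"""

# Hypothetical schema; a real load would use whatever tables the D1 database needs.
SCHEMA = """
CREATE TABLE customers (
    id    INTEGER PRIMARY KEY,
    name  TEXT NOT NULL,
    email TEXT NOT NULL
);
"""


def load_csv(csv_text: str) -> sqlite3.Connection:
    """Parse CSV and insert every row with bound parameters into a local SQLite DB.

    The values never touch the SQL string: the ? placeholders are filled by the
    engine, so quoting is handled by SQLite rather than by hand-written escaping.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = csv.DictReader(io.StringIO(csv_text))
    with conn:  # one transaction for the whole load; rolls back on error
        conn.executemany(
            "INSERT INTO customers (id, name, email) VALUES (?, ?, ?)",
            ((int(r["id"]), r["name"], r["email"]) for r in rows),
        )
    return conn


def dump_sql(conn: sqlite3.Connection) -> str:
    """Serialize the database to SQL text, the way the sqlite3 CLI's .dump does.

    SQLite generates the string literals (doubling any embedded quote), so the
    resulting file needs no manual escaping before it is handed to
    `wrangler d1 execute <DB> --file=...`.
    Assumption (mine, not from the docs): explicit transaction statements are
    dropped so the file contains only schema and data statements.
    """
    lines = (line for line in conn.iterdump()
             if line not in ("BEGIN TRANSACTION;", "COMMIT;"))
    return "\n".join(lines) + "\n"


def roundtrip(sql_text: str) -> list:
    """Replay a dump into a fresh database and return its rows, to verify the
    dump reproduces the original values exactly."""
    check = sqlite3.connect(":memory:")
    check.executescript(sql_text)
    return check.execute(
        "SELECT id, name, email FROM customers ORDER BY id"
    ).fetchall()


if __name__ == "__main__":
    sql = dump_sql(load_csv(SAMPLE_CSV))
    print(sql)  # write this to a file and import it with wrangler
    print(roundtrip(sql))
```

Running the script prints the dump; the `INSERT` for the second row shows the quote doubled by SQLite (`'O''Brien; Bob'`), and `roundtrip` confirms that replaying the file yields the original values unchanged. The same pattern scales to any CSV: only the `SCHEMA` and the column list in the `INSERT` change, never the way values are quoted.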