SQL Injection and ROW_NUMBER() #3619
rahulpol10 asked this question in Q&A (Unanswered)
Hey,
I am using the sql`` template string to get the ROW_NUMBER; however, I am getting a Snyk SQL injection vulnerability.
My sql template is as follows:
```ts
import { sql } from 'drizzle-orm';

// `db`, `employees` and `a` are defined elsewhere in the application.
db
  .select({
    id: employees.id,
    name: employees.name,
    department: employees.department,
    salary: employees.salary,
    row_num: sql`ROW_NUMBER() OVER (PARTITION BY ${a > 10 ? employees.department : employees.name} ORDER BY "employees"."salary" DESC)`.as('row_num'),
  })
  .from(employees);
```
How do I solve the SQL injection at the row_num line?
Do let me know if you need more information.
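An added example, not part of the original post and not Drizzle's code: a simplified model of a SQL tagged template, showing why an interpolation that selects between two column objects is not string concatenation, and how an allow-list keeps a request-supplied key from reaching the `PARTITION BY` clause. `Column`, `sqlTag`, `partitionColumn`, `rowNumberQuery` and the `WHERE` filter are hypothetical names and constructed input.

```javascript
// Constructed model of a SQL tagged template; NOT Drizzle's implementation.
// Hypothetical names: Column, sqlTag, partitionColumn, rowNumberQuery.
class Column {
  constructor(table, name) { this.table = table; this.name = name; }
}

// Quote a PostgreSQL identifier: wrap in double quotes, double any embedded quote.
const quoteIdent = (s) => '"' + String(s).replace(/"/g, '""') + '"';

// Static chunks come from source code only. Each interpolation is either a
// Column (rendered as a quoted identifier) or a value (bound as $n, never inlined).
function sqlTag(strings, ...args) {
  let text = strings[0];
  const params = [];
  args.forEach((arg, i) => {
    if (arg instanceof Column) {
      text += `${quoteIdent(arg.table)}.${quoteIdent(arg.name)}`;
    } else {
      params.push(arg);
      text += `$${params.length}`;
    }
    text += strings[i + 1];
  });
  return { text, params };
}

const employees = {
  department: new Column('employees', 'department'),
  name: new Column('employees', 'name'),
  salary: new Column('employees', 'salary'),
};

// Allow-list: a request-supplied key may only select one of these columns.
const PARTITION_COLUMNS = new Map([
  ['department', employees.department],
  ['name', employees.name],
]);

function partitionColumn(key) {
  const col = PARTITION_COLUMNS.get(key);
  if (!col) throw new RangeError(`unsupported partition column: ${JSON.stringify(key)}`);
  return col;
}

function rowNumberQuery(key, minSalary) {
  return sqlTag`SELECT ROW_NUMBER() OVER (PARTITION BY ${partitionColumn(key)} ORDER BY ${employees.salary} DESC) AS row_num FROM "employees" WHERE ${employees.salary} > ${minSalary}`;
}
```

The query text only ever contains fixed source strings, quoted identifiers from the allow-list, and `$n` placeholders; anything else travels in `params`.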