Don’t allow use of $ param with no value in queries
Previously it was possible to run SELECT * FROM $, which would show all of the defined variables. This is no longer possible; variables must be referenced by their defined name.
parent
8ab01b510f
commit
ddefed03e6
1 changed files with 20 additions and 16 deletions
|
@ -106,6 +106,8 @@ func (e *executor) fetch(ctx context.Context, val interface{}, doc *data.Doc) (o
|
|||
|
||||
case *sql.Param:
|
||||
|
||||
if len(val.ID) > 0 {
|
||||
|
||||
for _, s := range paramSearchKeys {
|
||||
|
||||
if obj, ok := ctx.Value(s).(*data.Doc); ok {
|
||||
|
@ -134,6 +136,8 @@ func (e *executor) fetch(ctx context.Context, val interface{}, doc *data.Doc) (o
|
|||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return nil, nil
|
||||
|
||||
case *sql.RunStatement:
|
||||
|
|
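Review bot: The new `if len(val.ID) > 0` guard in the `*sql.Param` case of `fetch` appears to fall through to `return nil, nil` when the name is empty, so a bare `$` silently evaluates to nil instead of being rejected. Since the aim is to stop `SELECT * FROM $` from listing every defined variable, returning an error for an empty ID would make the refusal visible to the caller and in logs. Only part of the case body is visible in these hunks, so this should be confirmed against the full function. I would also put a comment above the guard, e.g. `// A bare "$" has no ID; resolving it would expose every defined variable, so it is never looked up.` A regression test asserting that `SELECT * FROM $` returns none of the defined variables would keep the restriction from being lost in a later refactor of the lookup loop.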