1 post about
nunjuck

Dev Tips: Escaping Special Characters

just happened that there are several issues / discussion topics around escaping characters these few days, so wanna share and remind every junior developer about these. 1) escaping in SQL statement BAD: execute('SELECT * FROM "users" WHERE "id" = ' + userId) there are occasions that you combine user provided data into a SQL that query database records. in the examples...


Read More