Dev Tips: Escaping Special Characters
by Eddie Lau
just happened that there are several issues / discussion topics around escaping characters these few days, so wanna share and remind every junior developer about these. 1) escaping in SQL statement BAD: execute('SELECT * FROM "users" WHERE "id" = ' + userId) there are occasions that you combine user provided data into a SQL that query database records. in the examples...
Read More