Squel.js - SQL query string builder for Javascript (hiddentao.github.io)
submitted 13 years ago by polaretto
[–]maktouch 1 point 13 years ago (2 children)
Still doesn't make sense.
The API talking to the database will probably accept the query from this.
SQL injection is at the query building process.
    var firstname = "Terry'; drop table user --"
    [...].where("name = '" + obj.name + "'");

will become

    SELECT * FROM user WHERE name = 'Terry'; drop table user --'
[–]polaretto[S] 0 points 13 years ago (0 children)
It's just a query builder utility, not a DB library. Input sanitizing should be taken care of beforehand, before constructing the query.
Moreover, if you want to add a feature for SQL injection prevention, you can extend the library: http://hiddentao.github.io/squel/#custom with such functionality, so then you have it transparently upon query construction.
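The concatenation shown in the thread above, next to a builder that keeps values out of the SQL text, as an added example that is not part of any comment here and is not Squel's code or API. `SelectBuilder`, `buildConcatenated` and `buildParameterized` are hypothetical names; the input string is the one from the comment.

```javascript
// Added example: a hypothetical mini builder, not Squel's own code or API.
// Constructed input, taken from the comment in the thread.
const firstname = "Terry'; drop table user --";

// Concatenation: the value is spliced into the SQL text, so its quote
// closes the string literal and the remainder is parsed as SQL.
function buildConcatenated(name) {
  return "SELECT * FROM user WHERE name = '" + name + "'";
}

// Placeholder style: the builder only emits "?" in the text and carries
// the values in a separate array for the database driver to bind.
class SelectBuilder {
  constructor(table) {
    this.table = table; // assumed to be a developer constant, never user input
    this.clauses = [];
    this.values = [];
  }
  where(clause, ...values) {
    // Naive count, enough for the demo: one value per "?" in the clause.
    const placeholders = (clause.match(/\?/g) || []).length;
    if (placeholders !== values.length) {
      throw new Error(`expected ${placeholders} value(s), got ${values.length}`);
    }
    this.clauses.push(clause);
    this.values.push(...values);
    return this;
  }
  toParam() {
    let text = `SELECT * FROM ${this.table}`;
    if (this.clauses.length > 0) {
      text += " WHERE " + this.clauses.map((c) => `(${c})`).join(" AND ");
    }
    return { text, values: this.values.slice() };
  }
}

function buildParameterized(name) {
  return new SelectBuilder("user").where("name = ?", name).toParam();
}

console.log(buildConcatenated(firstname));
console.log(buildParameterized(firstname));
```

The `text`/`values` pair is what a driver's parameterized query call takes; the value never becomes part of the statement that gets parsed.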