SQL Injection and ROW_NUMBER() #3619
Unanswered
rahulpol10 asked this question in Q&A
Hey,
I am using the sql`` template string to get the ROW_NUMBER; however, I am getting a Snyk SQL injection vulnerability.
My SQL template is as follows:
```ts
db
  .select({
    id: employees.id,
    name: employees.name,
    department: employees.department,
    salary: employees.salary,
    row_num: sql`ROW_NUMBER() OVER (PARTITION BY ${a > 10 ? employees.department : employees.name} ORDER BY "employees"."salary" DESC)`.as('row_num'),
  })
  .from(employees);
```
How do I solve the SQL injection at the row_num line?
Do let me know if you need more information.
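An added example, not part of the original post and not the query builder's own code: a toy `sql` tag that models how tagged SQL templates typically keep interpolations out of the query text, rendering column objects as quoted identifiers and binding every other value as a parameter. `Column`, `quoteIdent`, `rowNumberBy` and the allowlist are hypothetical names, and the assumption is that the library's tag behaves like this model.

```javascript
// Toy model of a tagged SQL template (hypothetical; not the library's code).
// Column objects render as quoted identifiers; every other interpolated
// value becomes a bind parameter and never reaches the SQL text.
class Column {
  constructor(table, name) { this.table = table; this.name = name; }
}
const quoteIdent = (s) => '"' + String(s).replace(/"/g, '""') + '"';

function sql(strings, ...values) {
  let text = strings[0];
  const params = [];
  values.forEach((v, i) => {
    if (v instanceof Column) {
      text += `${quoteIdent(v.table)}.${quoteIdent(v.name)}`;
    } else {
      params.push(v);
      text += `$${params.length}`;
    }
    text += strings[i + 1];
  });
  return { text, params };
}

// Constructed schema mirroring the table in the question.
const employees = {
  department: new Column('employees', 'department'),
  name: new Column('employees', 'name'),
  salary: new Column('employees', 'salary'),
};

// Allowlist: a request-supplied key can only select a predefined column.
const PARTITION_COLUMNS = new Map([
  ['department', employees.department],
  ['name', employees.name],
]);

function rowNumberBy(key) {
  const column = PARTITION_COLUMNS.get(key);
  if (!column) throw new RangeError(`unsupported partition column: ${key}`);
  return sql`ROW_NUMBER() OVER (PARTITION BY ${column} ORDER BY ${employees.salary} DESC)`;
}

// Constructed untrusted string: bound as a value, rejected as a column key.
const hostile = "x') OR 1=1; --";
const bound = sql`SELECT * FROM "employees" WHERE "name" = ${hostile}`;
```

In this model the ternary from the question only ever chooses between two schema-defined columns, so no request data reaches the query text; the allowlist covers the case where the choice does come from a request.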