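--- a/powershell/ql/src/queries/security/cwe-089/examples
+++ b/powershell/ql/src/queries/security/cwe-089/examples
@@ -4,7 +4,7 @@
 
 # BAD: The user input is directly interpolated into the SQL query string
 $query1 = " SELECT * FROM users WHERE name = '$userinput '"
-Invoke-Sqlcmd - ServerInstance " MyServer" - Database " MyDatabase" - Query $query
+Invoke-Sqlcmd - ServerInstance " MyServer" - Database " MyDatabase" - Query $query1
 
 # GOOD: Using parameters to prevent SQL injection
 $query2 = " SELECT * FROM users WHERE name = @username"
@@ -13,4 +13,4 @@ $params = @{
 username = $userinput
 }
 
-Invoke-Sqlcmd - ServerInstance " MyServer" - Database " MyDatabase" - Query $query - QueryParameters $params
+Invoke-Sqlcmd - ServerInstance " MyServer" - Database " MyDatabase" - Query $query2 - QueryParameters $params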