This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-06-07
Channels
- # announcements (2)
- # asami (2)
- # babashka (15)
- # babashka-sci-dev (31)
- # beginners (130)
- # boot (4)
- # cider (5)
- # circleci (12)
- # clj-kondo (10)
- # cljs-dev (8)
- # clojure (7)
- # clojure-czech (14)
- # clojure-europe (19)
- # clojure-france (5)
- # clojure-uk (2)
- # clojured (23)
- # clojurescript (11)
- # conjure (8)
- # datomic (5)
- # emacs (1)
- # etaoin (8)
- # events (2)
- # fulcro (10)
- # graalvm (18)
- # gratitude (1)
- # holy-lambda (16)
- # honeysql (4)
- # introduce-yourself (1)
- # jobs (2)
- # kaocha (3)
- # london-clojurians (1)
- # lsp (53)
- # off-topic (16)
- # other-languages (2)
- # pathom (4)
- # pedestal (3)
- # podcasts-discuss (1)
- # portal (10)
- # re-frame (69)
- # reitit (2)
- # shadow-cljs (11)
- # vim (7)
- # xtdb (29)
Given a fn like
(defn- delete-resource [store key]
(-> (hh/update :plugin_store)
(hh/set {:keys [:raw (str "keys - '" (sanitize-key key) "'")]})
(hh/where [:= :_id (core/id store)])
(honey/format {:quoted true})))
I can do the following
(jdbc/execute-one! ds (delete-resource {:id "lol"} "'; drop table plugin_store -- k" ))
And my table is gone 😕
What would be a safer way to do what I’m trying to achieve here, that is unsetting the attribute key
on keys
I could of course write a better sanitize-key
but I’d really love to get this as a prepared statement of some sort.