This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-09-17
db/get-paste-by-id is giving me a 'spicy' edn file with a #object I don't know how to (and don't want to) print.
(http/defroutes main-routes
  ;; Landing page with the paste form.
  (http/GET "/" [] (views/index-page))
  ;; Form submission: store the paste, then answer with the URL of the new paste.
  (http/POST "/" req
    (if (empty? (:body (:params req)))
      (views/index-page)
      (let [ins (db/create-paste req)
            id  (db/get-last-paste)]
        (str ixio/url (:id (first id)) "\n"
             #_req))))
  (http/GET "/favicon.ico" []
    "Hello World")
  ;; Render a single paste looked up by its id.
  (http/GET "/:id" [id]
    (views/individual-paste id)
    #_(db/get-pastes-by-id id))
  (route/resources "/")
  (route/not-found "Page not found"))
(defn get-paste-by-id [id]
  ;; Builds the SQL by concatenating the id straight into the query string.
  (let [query-string (str "SELECT id,body FROM pastes WHERE id=" id ";")]
    (query my-db [query-string])))
(defn individual-paste [row]
  ;; Stringifies the first result row, reads it back as EDN, and takes :body.
  (page/html5
   (:body
    (clojure.edn/read-string
     (str (first (db/get-paste-by-id row)))))))
@U010A2QSG9H This is very unsafe:
(let [query-string (str "SELECT id,body FROM pastes WHERE id=" id ";")]
  (query my-db [query-string]))
You're opening yourself up to SQL injection attacks by doing that. Do this instead, so you get a parameterized SQL query:
(query my-db ["SELECT id,body FROM pastes WHERE id = ?" id])
You should always use parameterized queries, instead of constructing an entire SQL string that includes its parameters!
Just now seeing this. Thank you for the safety advice!
Prints out a bunch of stuff but I think the offending object is
:body #object[org.eclipse.jetty.server.HttpInput 0x451be3bd "org.eclipse.jetty.server.HttpInput@451be3bd"]
And when I try to turn the string into an edn format it complains about #object