Concern about potential SQL injection in Plasmic tables

Sorry if this is a dumb question, but do I need to be concerned with SQL injection for tables and data queries in Plasmic? I.e., if I write code like Select * from table where column1 = DynamicInputField

If someone changes that dynamic input field to SQL code, is that a potential problem?

Hi, that’s not a dumb question at all; it’s actually a pretty valid question, and it’s good to have those concerns when you are building your application. When doing dynamic queries, we use a parameterized query to populate the dynamic values, so you don’t need to worry about SQL injection. You can see the code for this in https://github.com/plasmicapp/plasmic/blob/c56c8960e5bb7a44c2c837b1552903b6048637f9/platform/wab/src/wab/server/data-sources/postgres-fetcher.ts#L320 and information about parameterized queries in https://node-postgres.com/features/queries#parameterized-query
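
The difference described in the answer, as an added example that is not part of the original thread and is not Plasmic's code: it builds the `{ text, values }` query object that node-postgres accepts, next to a string-concatenated version for comparison. The helper names, `my_table`, and the column allow-list are assumptions made for illustration; the allow-list is there because placeholders bind values only, never column or table names.

```javascript
// Added example with hypothetical names; not Plasmic's implementation.
// Identifiers cannot be bound as parameters, so column names are
// checked against an allow-list (constructed sample schema).
const ALLOWED_COLUMNS = new Set(["column1", "column2"]);

// Unsafe form: the user input becomes part of the SQL text itself.
function buildConcatenated(column, userInput) {
  return {
    text: `SELECT * FROM my_table WHERE ${column} = '${userInput}'`,
    values: [],
  };
}

// Parameterized form: the SQL text holds only $n placeholders; the
// input travels separately in `values` and is never parsed as SQL.
function buildParameterized(filters) {
  const clauses = [];
  const values = [];
  for (const [column, value] of Object.entries(filters)) {
    if (!ALLOWED_COLUMNS.has(column)) {
      throw new Error(`column not allowed: ${column}`);
    }
    values.push(value);
    clauses.push(`${column} = $${values.length}`);
  }
  const where = clauses.length ? ` WHERE ${clauses.join(" AND ")}` : "";
  return { text: `SELECT * FROM my_table${where}`, values };
}

// Constructed sample input, as a dynamic form field might deliver it.
const hostile = "x' OR '1'='1";

function demo() {
  const benign = buildParameterized({ column1: "abc" });
  const attacked = buildParameterized({ column1: hostile });
  return {
    // Input has rewritten the WHERE clause of the statement.
    concatenatedText: buildConcatenated("column1", hostile).text,
    // Statement text is identical whatever the field contains.
    sameText: benign.text === attacked.text,
    attacked,
  };
}

console.log(demo());
// With node-postgres the object is passed as-is: client.query(attacked)
```

A quick audit check that follows from this: in code that talks to the database, the SQL text should be a constant or assembled only from allow-listed identifiers, with every user-supplied value appearing in the values array.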