Suppose I want to `SELECT` some columns from an unknown schema. That is, the column names are provided at runtime. Without concatenating them with a `,` and getting injection vulnerabilities, is there a way to `SELECT` from such a database securely given column names at runtime, and more precisely, an unknown number of them?
`QueryBuilder` does not accept arrays as arguments, so I'd have to have `SELECT ?, ?, ?, ?, ? FROM ?` written in advance, with the `?` count being how many columns I want to select, which is not very nice. I'd like to have `SELECT ? FROM ?` and fill the first with the column names and the second with the table name.
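An added example, not part of the original post and not the `QueryBuilder` API the question refers to: bind placeholders carry values, not identifiers, so `SELECT ? FROM ...` returns the bound string itself rather than a column. The sketch below uses Python's `sqlite3` (an assumption, as are all function names and the sample table) to check runtime-supplied table and column names against the live schema and quote them before building the statement.

```python
import sqlite3

def quote_ident(name):
    # SQLite identifier quoting: wrap in double quotes, double embedded quotes.
    return '"' + name.replace('"', '""') + '"'

def table_columns(conn, table):
    # The allowlist is the schema itself, read at runtime.
    tables = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in tables:
        raise ValueError(f"unknown table: {table!r}")
    # Safe to interpolate: the name was just matched against the catalog.
    rows = conn.execute(f"PRAGMA table_info({quote_ident(table)})")
    return [r[1] for r in rows]  # r[1] is the column name

def build_select(conn, table, columns):
    # Accept any number of columns, but only ones that exist in the table.
    allowed = table_columns(conn, table)
    if not columns:
        raise ValueError("no columns requested")
    unknown = [c for c in columns if c not in allowed]
    if unknown:
        raise ValueError(f"unknown columns: {unknown!r}")
    cols = ", ".join(quote_ident(c) for c in columns)
    return f"SELECT {cols} FROM {quote_ident(table)}"

def placeholder_result(conn, column):
    # What "SELECT ?" does: the bound string comes back as a literal value.
    return conn.execute("SELECT ? FROM users", (column,)).fetchall()

def demo_connection():
    # Constructed sample schema and data for the example.
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE users (id INTEGER, name TEXT, "odd ""col" TEXT)')
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'x')")
    return conn

if __name__ == "__main__":
    conn = demo_connection()
    sql = build_select(conn, "users", ["name", 'odd "col'])
    print(sql, conn.execute(sql).fetchall())
    print(placeholder_result(conn, "name"))
```

Row values in a `WHERE` clause still go through ordinary `?` placeholders; only identifiers take the allowlist path.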