query param false positive for expressions with no variable use
Example code
<cfquery name="queryName" datasource="#datasourceName#">
update users
set updated = "#createODBCDateTime(now())#"
</cfquery>
Note there is no (reasonable) way SQL injection could happen there.
Issue Analytics
- Created 6 years ago
- Comments: 11 (3 by maintainers)
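To make the false positive concrete, here is a small Python checker, added as an example and not the linter's own rule implementation. It scans the SQL text inside <cfquery> bodies for #...# interpolations and offers two modes: a strict mode that reports every interpolation (the behaviour the issue is about), and a mode that only reports expressions that reference a variable, so createODBCDateTime(now()) is skipped while url.id is still caught. Interpolations inside a <cfqueryparam> tag are bound parameters, not concatenated SQL, so they are never reported. The first sample is the query from the issue; the other three samples, the function names in them and the datasource names are constructed for the example.

```python
"""Toy CFML linter for '#...#' interpolation in <cfquery> bodies (added example)."""
import re

# Operators and literals that look like identifiers but are never variables.
KEYWORDS = {"true", "false", "and", "or", "not", "xor", "eqv", "imp",
            "eq", "neq", "gt", "lt", "gte", "lte", "is", "mod", "contains"}

QUERY_BODY_RE = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
QUERYPARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
INTERP_RE = re.compile(r"#([^#]+)#")
# CFML string literals; a doubled quote is the escape for the quote character.
STRING_RE = re.compile(r'"(?:[^"]|"")*"|\'(?:[^\']|\'\')*\'')
# An identifier or dotted chain, optionally followed by '(' (a function call).
IDENT_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_.]*)(\s*\()?")


def uses_variable(expr: str) -> bool:
    """True if the expression reads any variable (scope or bare identifier).

    Only function calls on literals, e.g. createODBCDateTime(now()), return
    False: nothing in such an expression can carry request data.
    """
    code = STRING_RE.sub("", expr)  # text inside string literals is data, not code
    for m in IDENT_RE.finditer(code):
        name, is_call = m.group(1), bool(m.group(2))
        if name.lower() in KEYWORDS:
            continue
        if "." in name:
            return True  # form.x, url.x, obj.method(): rooted in a variable
        if not is_call:
            return True  # bare identifier used as a value
    return False


def find_interpolations(cfml: str, require_variable_use: bool = False):
    """Return the interpolated expressions that the rule would report."""
    findings = []
    for body in QUERY_BODY_RE.findall(cfml):
        sql = QUERYPARAM_RE.sub("", body)  # bound parameter, not string concatenation
        sql = sql.replace("##", "")  # '##' is an escaped literal '#', not an interpolation
        for expr in INTERP_RE.findall(sql):
            expr = expr.strip()
            if require_variable_use and not uses_variable(expr):
                continue
            findings.append(expr)
    return findings


# Constructed samples; "issue" is the query quoted in the issue itself.
SAMPLES = {
    "issue": '''<cfquery name="queryName" datasource="#datasourceName#">
update users
set updated = "#createODBCDateTime(now())#"
</cfquery>''',
    "injectable": '''<cfquery name="q" datasource="app">
select * from users where id = #url.id#
</cfquery>''',
    "mixed": '''<cfquery name="q" datasource="app">
select * from users
where name = '#ucase(form.name)#' and created > #createODBCDateTime(now())#
</cfquery>''',
    "parameterized": '''<cfquery name="q" datasource="app">
select * from users where id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>''',
}


if __name__ == "__main__":
    for label, cfml in SAMPLES.items():
        print(f"{label:14s} strict={find_interpolations(cfml)} "
              f"variable-use={find_interpolations(cfml, require_variable_use=True)}")
```

The variable-use mode removes the report on the issue's query, but it also shows why the maintainers' "leave as is" is defensible: the check has to decide that every function in the expression is harmless, and the only finding the rule can always trust is an interpolation inside <cfqueryparam>. A team that wants the quieter behaviour is choosing a rule that is silent whenever the expression happens to contain no identifier, which is a weaker guarantee than "every value reaching SQL is bound".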
Top GitHub Comments
Even with no risk of SQL injection, it’s still usually a good idea to parameterize to create a reusable query plan. There are some other minor benefits as well. Is the rule only concerned with SQL injection?
@KamasamaK Yeah, I agree. So, we'll leave it as is: it will report, and whoever doesn't want it to needs to ignore it.