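Hey, is using parameterized queries with UPDATE statements a thing? Is it recommended?

```javascript
const { N1qlQuery } = require('couchbase');

// The named placeholder $blah is bound from the parameters object
const queryString = 'UPDATE mybucket SET blah = $blah WHERE type = "somedocs"';
const parameters = { blah: 'some string' };
// adhoc(false) asks the SDK to prepare the statement and reuse the plan
const query = N1qlQuery.fromString(queryString).adhoc(false);
this.bucket.query(query, parameters, (err, data, meta) => {
  /* ... */
});
```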
AV25242
@Roy_Rico you have 2 questions:
- Is a parameterized query with an UPDATE statement a thing?
Yes, you can use query options to pass parameters. Is something not working for you?
- Is it recommended?
Parameterized queries are a good way to avoid SQL injection; you can see the OWASP recommendation here
OK, thanks for the info. I was doing some reading of the docs in prep for refactoring some of our DB code.