Without Hyrax
reviewer-1
this looks fine to me
reviewer-2
LGTM
reviewer-3
minor nit: rename this variable
With Hyrax
Hyraxbot
CRITICAL
SQL injection in search query
src/api/search.ts:38 · Security
- const q = "SELECT * FROM users WHERE name = '" + name + "'"
+ const q = "SELECT * FROM users WHERE name = $1"
+ const rows = await db.query(q, [name])
▸ Fix submitted as PR #847 · 13/13 checks passed
Reviewed isn't fixed.Hyrax ships the fix.
Hyrax — 1080×1350 LinkedIn