Improved security of the library against SQL injection attacks#4
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e7082a2478
case SqliteStorageClass::kText:
case SqliteStorageClass::kDateTime:
    sqlite3_bind_text(stmt, index, value.text_value.data(), -1, SQLITE_TRANSIENT);
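Review bot: the return code of sqlite3_bind_text on the kText/kDateTime line is discarded, so a bind that fails (SQLITE_RANGE for an index outside the statement's parameters, SQLITE_NOMEM, SQLITE_TOOBIG) is never reported and the statement goes on to run with that parameter still unset, i.e. NULL. Capture the result and abort the save or query when it is not SQLITE_OK, for example `int rc = sqlite3_bind_text(stmt, index, value.text_value.data(), -1, SQLITE_TRANSIENT);` followed by `if (rc != SQLITE_OK) return rc;`, so that a silently empty column cannot pass for a successful write.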
Bind text with its actual byte length
When a reflected std::wstring contains an embedded NUL, StringUtilities::ToUtf8 preserves it in text_value, but passing -1 tells SQLite to measure only up to the first zero terminator. Saving or querying values such as std::wstring(L"a\0b", 3) therefore silently binds only "a", corrupting stored text and making exact predicates against such strings wrong; pass text_value.size() as the byte count instead.
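The truncation described in the comment above, as an added example that is not code from the PR or the library it changes: a Python round-trip check built on the standard sqlite3 module. Python always binds the full byte length, so the -1 behaviour is modelled by cutting the value at its first NUL before binding, which is exactly what strlen() makes SQLite do; the sample value is constructed.

```python
import sqlite3

# Constructed sample value: the UTF-8 text that std::wstring(L"a\0b", 3) becomes.
SAMPLE = "a\0b"


def bind_with_minus_one(value: str) -> str:
    """Model of sqlite3_bind_text(..., -1, ...): SQLite measures the buffer with
    strlen(), so only the bytes before the first NUL are bound."""
    return value.split("\0", 1)[0]


def bind_with_size(value: str) -> str:
    """Model of passing text_value.size(): every byte, NULs included, is bound."""
    return value


def round_trip(value: str, bind) -> dict:
    """Store `value` through `bind`, then report what SQLite actually holds and
    whether an exact-match predicate on the original value still finds the row."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE t (v TEXT)")
        conn.execute("INSERT INTO t (v) VALUES (?)", (bind(value),))
        stored = conn.execute("SELECT v FROM t").fetchone()[0]
        # Exact predicate, as a lookup by key would issue; bound with the full length.
        hits = conn.execute("SELECT COUNT(*) FROM t WHERE v = ?", (value,)).fetchone()[0]
    finally:
        conn.close()
    return {
        "stored": stored,
        "stored_bytes": len(stored.encode("utf-8")),
        "exact_match": hits == 1,
    }


def nul_round_trips(value: str) -> bool:
    """Regression check for the fix: stored text must equal the input byte for byte."""
    return round_trip(value, bind_with_size)["stored"] == value


if __name__ == "__main__":
    print("-1 length:  ", round_trip(SAMPLE, bind_with_minus_one))
    print("byte length:", round_trip(SAMPLE, bind_with_size))
```

With the -1 model the row holds only "a" and the exact predicate misses; with the byte-length model all three bytes survive and the predicate matches.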
No description provided.