Comments (8)
Just to add some references, here's the node-cassandra-client-way: https://github.com/racker/node-cassandra-client/blob/master/lib/driver.js#L59-109 (could be done nicer IMO)
And here's some example from node-mysql: https://github.com/felixge/node-mysql/blob/master/lib/client.js#L145-199
Anyhow I really like the ?-placeholder-style and I've seen it in many places when dealing with SQL-like database queries (which CQL tries to mimic).
Looks like single quotes have to be escaped by another single quote, see https://issues.apache.org/jira/browse/CASSANDRA-2993
At least we're not in danger of really dangerous CQL injections: http://www.mail-archive.com/[email protected]/msg14907.html
I'll be pushing out a fix to address the vulnerability. I'll escape the single quote as that is all the official driver is doing. As for the ? placeholder way, I see how people can want this, I also see how people would want to use the NodeJS way of doing it. I think I'll have ? be synonymous with %s. That should allow for use either way.
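As an added illustration of the fix described in this comment (example code, not helenus's own formatCQL), here is a small formatter that treats ? and %s as synonyms and doubles single quotes in string parameters, which is the escaping the thread attributes to the official driver (CASSANDRA-2993); the function names formatCQL, escapeCqlString and naiveFormat are assumptions, and the sample value is constructed.

```javascript
// Added example, not helenus's own code. Quote a string for a CQL literal:
// a single quote inside the literal is written as two single quotes.
function escapeCqlString(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Substitute ? or %s placeholders (treated as synonyms) with the params in
// order. Strings are quoted and escaped, numbers are inserted bare, and a
// mismatch between placeholders and params is an error rather than a silent
// partial substitution.
function formatCQL(template, params) {
  let i = 0;
  const out = template.replace(/\?|%s/g, () => {
    if (i >= params.length) throw new Error('not enough parameters');
    const v = params[i++];
    return typeof v === 'number' ? String(v) : escapeCqlString(v);
  });
  if (i !== params.length) throw new Error('too many parameters');
  return out;
}

// Plain quoting with no escaping, for comparison: a value that contains a
// single quote ends the literal early, which is the defect this thread fixes.
function naiveFormat(template, params) {
  let i = 0;
  return template.replace(/\?|%s/g, () => "'" + params[i++] + "'");
}

// Constructed sample input: an ordinary name that happens to contain a quote.
const sampleName = "O'Brien";
console.log(naiveFormat('SELECT * FROM users WHERE name = ?', [sampleName]));
console.log(formatCQL('SELECT * FROM users WHERE name = ?', [sampleName]));
console.log(formatCQL('INSERT INTO users (name, age) VALUES (%s, ?)', [sampleName, 42]));
```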
Just FYI, all of this was published under version 0.3.3, including the ability to use a ? placeholder in CQL.
Looks like this fix is in a JS file. Can we do it in server code?
I'm not sure what you mean?
Any security fix at client side JavaScript can be easily bypassed. It would be good if we have this fix in the server side code.
This is for node.js, not client side JavaScript.