Issue #105 resolved

SQLiteAdapter: appendMatchExpression

Carlin Desautels
repo owner created an issue
  • Why are '"' used there? Can '\'' be used instead? What if the string contains '"' - it looks like an opportunity for SQL injection?
  • I think the expression should be built in two stages, the first one building the expression, eventually taking care of '"' and the second one using appendLiteral to add it to the match statement.
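
The two-stage construction proposed in the issue, as an added Python sketch (not code from the NexJ adapter or from the issue author). All function names are hypothetical, `sql_literal` stands in for the adapter's appendLiteral, and doubling `"` inside a phrase assumes SQLite FTS5 query syntax.

```python
import sqlite3

def fts_phrase(term: str) -> str:
    """Stage 1: quote one user term as a phrase; embedded '"' is doubled
    (assumption: FTS5 query syntax)."""
    return '"' + term.replace('"', '""') + '"'

def build_match_expression(terms, operator="AND"):
    """Stage 1: join the quoted phrases into the complete MATCH expression."""
    if operator not in ("AND", "OR"):
        raise ValueError("unsupported operator")
    phrases = [fts_phrase(t) for t in terms if t]
    if not phrases:
        raise ValueError("no search terms")
    return f" {operator} ".join(phrases)

def sql_literal(text: str) -> str:
    """Stage 2: emit the expression as a SQL string literal; "'" is doubled."""
    if "\x00" in text:
        raise ValueError("NUL is not allowed in a literal")
    return "'" + text.replace("'", "''") + "'"

def append_match(column: str, terms) -> str:
    """Both stages; `column` is assumed to be a trusted identifier."""
    return f"{column} MATCH {sql_literal(build_match_expression(terms))}"

def naive_match(column: str, term: str) -> str:
    """Single-stage form the issue questions: the term is pasted between
    '"' characters with no escaping at either level."""
    return f"{column} MATCH '\"{term}\"'"

def literal_round_trip(text: str) -> str:
    """Let SQLite parse the stage-2 literal; the value must return unchanged."""
    conn = sqlite3.connect(":memory:")
    try:
        return conn.execute("SELECT " + sql_literal(text)).fetchone()[0]
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed sample terms containing both quote characters.
    for term in ['a" OR "b', "O'Brien"]:
        print("naive:    ", naive_match("body", term))
        print("two-stage:", append_match("body", [term]))
```
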
