我使用Kotlin Exposed来创建查询。但是当我必须使用从客户端收到的参数时,我遇到了一个问题:
/**
 * Renders a touchable wrapper around an animated image.
 *
 * Pressing the wrapper sets `likesButton` to true on the component state;
 * the image is given the "bounce" animation while that flag is truthy and
 * no animation otherwise. The flag lives on the component's own state, so
 * every call of this method reads the same value.
 *
 * `post`, `index` and `item` are accepted but not read in this body.
 */
renderAnimation(post, index, item) {
  const markLiked = () => {
    this.setState({ likesButton: true });
  };
  // null means "no animation" until the flag has been set.
  const animationName = this.state.likesButton ? "bounce" : null;

  return (
    <View>
      <TouchableOpacity onPress={markLiked}>
        <Animatable.Image animation={animationName} duration={3000} />
      </TouchableOpacity>
    </View>
  );
}
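// List whose rows are produced by this.renderAnimation().
// NOTE(review): React Native exports this component as `FlatList` and reads
// its rows from a `data` prop; the `Flatlist` / `dataSource` spellings are
// kept as written here - confirm against the file's imports.
<Flatlist
  dataSource={this.state.data}
  renderItem={({ item, index }) => {
    // The row element has to be returned: a brace-bodied arrow function
    // without `return` yields undefined, so no row would be rendered.
    return (
      <View>
        {this.renderAnimation()}
      </View>
    );
  }}
/>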
那么,如何创建预编译语句(prepared statement),或者如何安全地传递可能含有SQL注入内容的参数?
答案 0 :(得分:3)
Exposed 在幕后为你完成了这件事。因为它将此工作委托给 PreparedStatement
'use string';
// NOTE(review): the directive just above this block reads 'use string', which
// is not a recognised directive, so it does not switch on strict mode;
// 'use strict' was presumably intended.
const builder = require('botbuilder');
const restify = require('restify');
// Load environment settings before any of them is read below.
require('dotenv').config();

// Listening port: process.env.port, then process.env.PORT, then '3978'.
let port = process.env.port || process.env.PORT || '3978';

// Formatter for text/html responses: the body is emitted as its string form.
// NOTE(review): nothing here encodes the body, so any handler that replies as
// text/html has to escape untrusted values itself.
const htmlFormatter = function (req, res, body) {
  return body.toString();
};

let server = restify.createServer({
  formatters: {
    'text/html': htmlFormatter,
  },
});

// change done for restify 5.X+ (mapParams should be specified @ true)
const bodyParserOptions = { mapParams: true };
server.use(restify.plugins.bodyParser(bodyParserOptions));

server.listen(port, function () {
  console.log('%s server listening to %s', server.name, server.url);
});
// entry point of your bot
// The app id, app password and OpenID metadata are read from the environment
// rather than being written into the source.
const connectorSettings = {
  appId: process.env.MicrosoftAppId,
  appPassword: process.env.MicrosoftAppPassword,
  openIdMetadata: process.env.BotOpenIdMetadata,
};
let connector = new builder.ChatConnector(connectorSettings);

// Requests posted to /api/messages are handed to the connector's listener.
const messagesHandler = connector.listen();
server.post('/api/messages', messagesHandler);
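// callback handling
// Logs whether the request carried an authorization code, then answers it.
// The handler previously neither sent a response nor called next(), which
// left every request to this route open until it timed out.
// NOTE(review): an OAuth callback normally also checks the `state` value it
// issued before accepting the code; nothing in this handler does that yet.
server.post('/api/oauthcallback', (req, res, next) => {
  // `code` is read from req.params; the bodyParser({ mapParams: true })
  // registration earlier in this file is what copies body fields there.
  const authorizationCode = req.params.code;

  if (authorizationCode === undefined) {
    console.log('authorization code not provided');
    res.send(400);
    return next();
  }

  // Only the presence of the code is logged, never its value.
  console.log('authorization code provided');
  res.send(200);
  return next();
});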
// inMemoryStorage should only be used for testing. It is not stable for a production environment
let inMemoryStorage = new builder.MemoryBotStorage();

// Create the bot on the connector, then attach the storage in a separate step.
let bot = new builder.UniversalBot(connector);
bot.set('storage', inMemoryStorage);

// Root dialog: a single step that replies 'Hi'.
const rootDialogSteps = [
  (session) => {
    session.send('Hi');
  },
];
bot.dialog('/', rootDialogSteps);
,所以它会为您处理。如果您想对输入做合理性检查(sanity check),应当是出于业务规则的需要;其余的交给 Exposed 处理。
编辑:我相信 Exposed 中 Statement 的源代码(the source of Statement)显示了这一点。在这里,委托给 PreparedStatement 就足以阻止SQL注入攻击。这一点的前提是客户端传入的值始终作为绑定参数交给 Exposed;如果自行把输入拼接进 SQL 字符串,则不受这一机制保护。