
author yaqubroli <walchuk2018@icloud.com> 2022-12-23 21:35:40.0 -08:00:00
committer yaqubroli <walchuk2018@icloud.com> 2022-12-23 21:35:40.0 -08:00:00
commit
ff6cfb4edd9f1d33cca8a2de94eb77ed4a00871d [patch]
tree
925e75ec49151405d6a8b3681f977fe4aa016384
parent
4db77d419d69ebc650f271ea457a4806760847ec

Prevent SQL injection



Diff

 src/database.rs |  9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/database.rs b/src/database.rs
index 50fe4ef..d9aa834 100644
--- a/src/database.rs
+++ a/src/database.rs
@@ -79,6 +79,11 @@
    pub content_type: ContentType
}

// This function sanitizes the input to prevent SQL injection
fn sanitize_input (input: String) -> String {
    input.replace("'", "''")
}

// Description: This function takes in a settings struct and returns a mysql connection pool
pub async fn init (settings: &BasicSettings<settings::AppSettings>) -> Pool {
    let database_settings = &settings.application.database;
@@ -193,9 +198,9 @@
        connection.exec_drop("INSERT INTO entries (content, shortened, content_type) VALUES (:content, :shortened, :content_type)", params! {
            "content" => 
                if content_type == &ContentType::Url {
                    url::format_url(content.to_string())
                    sanitize_input(url::format_url(content.to_string()))
                } else {
                    content.to_string()
                    sanitize_input(content.to_string())
                },
            "shortened" => shortened.clone(),
            "content_type" => u8::from(content_type.clone())
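Review bot: The `sanitize_input` calls wrapped around the `"content"` value in the second hunk are redundant with the parameter binding already in place and, worse, corrupt stored data: the query uses `:content`/`:shortened`/`:content_type` placeholders with `params!`, so the driver transmits each value as a bound parameter and any quote doubling you do first is stored literally (a URL containing `'` ends up in the table as `''`). As far as I can tell from the visible code `exec_drop` is the prepared-statement path of the mysql crate, which is the actual SQL-injection defense here; the quote-doubling helper would also be insufficient on its own (it ignores backslashes and other escapes) if a string-built query ever appeared. I would revert both wrapped lines to `url::format_url(content.to_string())` and `content.to_string()` and drop `sanitize_input` from the first hunk, or, if the helper is kept for some other call site, document it as not a substitute for binding: `// NOTE: only doubles single quotes; never use instead of params!-bound placeholders`. If it stays, take `&str` rather than an owned `String` (`fn sanitize_input(input: &str) -> String`). The function enclosing the `exec_drop` call begins before this hunk, and `init` in the first hunk continues past it.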