argv minus one on Nostr: npub18369m…z8jp6 My rule for avoiding that is to never ever construct a SQL query ...
npub18369m6ejyjfh47ths7qrlvqcu8jvyzxnuysx72cpvg95jfvt9l0s5z8jp6 (npub1836…8jp6)
My rule for avoiding that is to never ever construct a SQL query at run time. All queries in my code are plain compile-time string literals or compile-time .sql files; no exceptions. This makes injection impossible.
If you use the sqlx crate's query macros, they will cause a compile error if the query isn't a string literal. (It also allows you to store your SQL queries in separate files, one file per query, but they still have to exist entirely at compile time.)
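The same rule as an added, std-only Rust sketch (not part of the original post and not sqlx's own code): a macro that accepts only a literal as the query text, with run-time values carried separately as bind parameters. `StaticQuery`, `Param`, `static_query!` and `highest_placeholder` are hypothetical names, and the `$n` placeholder style is assumed to be PostgreSQL's.

```rust
// Added illustration, std only. All names here are hypothetical, not sqlx APIs.
#[derive(Debug, Clone, PartialEq)]
pub enum Param {
    Int(i64),
    Text(String),
}
impl From<i64> for Param { fn from(v: i64) -> Self { Param::Int(v) } }
impl From<&str> for Param { fn from(v: &str) -> Self { Param::Text(v.to_owned()) } }

#[derive(Debug)]
pub struct StaticQuery {
    sql: &'static str,  // the macro below only ever passes a literal here
    params: Vec<Param>, // run-time values travel separately, never as SQL text
}

impl StaticQuery {
    pub fn new(sql: &'static str, params: Vec<Param>) -> Result<Self, String> {
        let expected = highest_placeholder(sql);
        if expected != params.len() {
            return Err(format!("query has {} placeholders, got {} params",
                               expected, params.len()));
        }
        Ok(StaticQuery { sql, params })
    }
    pub fn sql(&self) -> &'static str { self.sql }
    pub fn params(&self) -> &[Param] { &self.params }
}

/// Highest `$n` placeholder number found in the SQL text.
pub fn highest_placeholder(sql: &str) -> usize {
    let mut max: usize = 0;
    for part in sql.split('$').skip(1) {
        let digits: String = part.chars().take_while(|c| c.is_ascii_digit()).collect();
        max = max.max(digits.parse::<usize>().unwrap_or(0));
    }
    max
}

/// Only a literal token matches `$sql:literal`, so `static_query!(format!(..))`
/// or `static_query!(some_variable)` is rejected at compile time.
macro_rules! static_query {
    ($sql:literal $(, $p:expr)* $(,)?) => {
        StaticQuery::new($sql, vec![$(Param::from($p)),*])
    };
}

fn main() {
    let name = "alice' OR '1'='1"; // constructed sample input containing quotes
    let q = static_query!("SELECT id FROM users WHERE name = $1", name).unwrap();
    println!("{} {:?}", q.sql(), q.params()); // SQL text is unchanged by the input
}
```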