Fix Preview

Parameterize SQL query to prevent injection

SQL Injection in user query

Critical

User input is directly concatenated into SQL query without parameterization.

src/db/users.ts:42

A03:2021

Code Diff

Diff preview is available for Pro and Enterprise subscribers

Upgrade to unlock automated fix patches for your vulnerabilities

src/db/users.ts

Access Fix Patch

Upgrade to Pro to unlock automated fix patches for your vulnerabilities.

Upgrade to Pro to unlock fixes

Review all patches carefully in a development environment before applying. Patches are suggestions only and may introduce new issues. Use at your own risk.