Move db calls to prepared statements with context #1353

Open
@ankitnayan

Move all db calls to prepared statements, and specifically with context if possible, to make SigNoz more secure against SQL injections.
A query should not be a string prepared from fmt.Sprintf(...) if it has args to pass. We should try to avoid string formatting for args.
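
The change requested above, shown as an added Go example that is not SigNoz code: the same call written with `fmt.Sprintf` and with `PrepareContext` plus a bound argument, run against a constructed recording driver so the text and arguments that reach the database can be compared. The `rec` driver, `openRec`, the `invites` table, both function names and the `?` placeholder style are assumptions made for illustration.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"fmt"
)

// Constructed stand-in driver (driver, conn and stmt in one): records what it is sent.
type rec struct{ q string }
var sentSQL string
var sentArgs []driver.Value

func (r rec) Open(string) (driver.Conn, error) { return r, nil }
func (rec) Prepare(q string) (driver.Stmt, error) { return rec{q}, nil }
func (rec) Close() error { return nil }
func (rec) Begin() (driver.Tx, error) { return nil, driver.ErrSkip }
func (rec) NumInput() int { return -1 } // -1: argument count is not checked
func (rec) Query([]driver.Value) (driver.Rows, error) { return nil, driver.ErrSkip }
func (r rec) Exec(a []driver.Value) (driver.Result, error) {
	sentSQL, sentArgs = r.q, a
	return driver.RowsAffected(1), nil
}
func init() { sql.Register("rec", rec{}) }
func openRec() (*sql.DB, error) { return sql.Open("rec", "") }

// deleteFormatted is the pattern the issue asks to remove: the value becomes SQL text.
func deleteFormatted(ctx context.Context, db *sql.DB, email string) (string, []driver.Value, error) {
	_, err := db.ExecContext(ctx, fmt.Sprintf("DELETE FROM invites WHERE email = '%s'", email))
	return sentSQL, sentArgs, err
}

// deletePrepared keeps the SQL text constant and binds the value as an argument.
func deletePrepared(ctx context.Context, db *sql.DB, email string) (string, []driver.Value, error) {
	stmt, err := db.PrepareContext(ctx, "DELETE FROM invites WHERE email = ?")
	if err != nil {
		return "", nil, err
	}
	defer stmt.Close()
	_, err = stmt.ExecContext(ctx, email)
	return sentSQL, sentArgs, err
}

func main() {
	db, _ := openRec()
	ctx, in := context.Background(), "x' OR '1'='1" // constructed hostile input
	fmt.Println(deleteFormatted(ctx, db, in))
	fmt.Println(deletePrepared(ctx, db, in))
}
```

With the formatted version the quote characters in the input change the statement itself; with the prepared version the statement text is identical for every input, and a cancelled or expired context stops the call before it reaches the database.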