Commit 1fd0514

Add link to StackOverflow describing vulnerability using multibyte encoding
1 parent b4f0315 commit 1fd0514

1 file changed

+2
-1
lines changed

README.md

@@ -192,7 +192,8 @@ Default: false
192192

193193
When `interpolateParams` is true, calls to `sql.Db.Query()` and `sql.Db.Exec()` with params interpolates placeholders (`?`) with given params. This reduces roundtrips to database compared with `interpolateParams=false` since it uses prepare, exec and close to support parameters.
194194

195-
NOTE: It make SQL injection vulnerability when connection encoding is multibyte encoding except utf-8 (e.g. cp932).
195+
NOTE: *This may introduce a SQL injection vulnerability when connection encoding is multibyte encoding except for UTF-8 (e.g. CP932)!*
196+
(See http://stackoverflow.com/a/12118602/3430118)
196197

197198
##### `loc`
198199

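Review bot: The new NOTE at line 195 warns about the injection risk but does not say what a reader should do about it; the only guidance is the external StackOverflow link added on line 196, given as a bare `http://` URL. Suggest stating the safe choices in the README itself (leave `interpolateParams` at its default of false, or enable it only on connections whose encoding is UTF-8) and turning the URL into a Markdown link with descriptive text, so the warning still stands on its own if the linked answer moves. "multibyte encoding except for UTF-8" would also read more clearly as "a multibyte encoding other than UTF-8".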