-
-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The usage of xorm get has risk #11921
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Such as the usage of xorm get in models/attachment.go, if the id or uuid is empty, the query sql will be no where: select ... from attachment limit 1. The query will not be an error, but the query result could be not the result you want.
I suppose we use xorm get by this way:
attach := new(Attachment)
has, err := engine.Where("id=?", id).Get(attach)
Screenshots
The text was updated successfully, but these errors were encountered: