SQLTeam.com | Weblogs | Forums

SQLi in query. ${sometext}

Hello. I have this one SQL query example

SELECT * FROM test WHERE ${datesString};

I am trying to find out what does this query mean and is this query vulnerable to SQLi?

Welcome

What programming language is this piece of code in?

javascript

What npm module are you using to make that call

Without seeing the wrest of the code it is likely it is vulnerable. Use parameterized queries. You would want to look at the final query and how it is being executed. Basically that is replacing that part of the query string with something else to control the result sets.