You are viewing a single comment's thread from:

RE: dPoll development updates: Result filtering and voting audits

in #utopian-io6 years ago (edited)

Ah, no. Not even close to being vulnerable to SQL injection :)

https://github.com/emre/dpoll.xyz/blob/master/dpoll/polls/utils.py#L271

Also, Django ORM prevents SQL injection attacks with prepared queries as long as the library user doesn't execute raw queries.

The real problem with the current implementation is that the app gets all votes then filter them in a for loop. That doesn't matter in such a small scale like dPoll's but it should be done on database level. (more efficient and less code.)

Sort:  

Perfect! Are you able to use linq to retrieve a filtered dataset in python?