Bogdan N.
software engineer
dbQuery := "SELECT users.user_id, users.user, users.first_name, users.last_name, tweets.tweet, tweets.date_tweet FROM users INNER JOIN tweets ON users.user_id = tweets.user_id INNER JOIN followers ON users.user_id = followers.id_user WHERE followers.id_follower = ? ORDER BY tweets.date_tweet DESC;"
rows, err := database.DB.Query(dbQuery, c.Params("id"))
You can avoid SQL injection with this simple change.
Use a placeholder (?) for the argument in the query and pass the argument to the db.Query method.
Elvis Van
Security researcher
this is one hell of a long post lol, saved for later, thanks👍🏻