add comment about sql injection

monoid 2021-01-02 15:39:18 +09:00
parent 86114e4eb9
commit 221a3f2748


@ -75,6 +75,7 @@ class KnexContentsAccessor implements ContentAccessor{
query = query.from("contents");
}
if(word !== undefined){
//don't worry about sql injection.
query = query.where('title','like',`%${word}%`);
}
if(content_type !== undefined){
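Review bot: The added comment above the `where('title','like', ...)` call asserts that SQL injection is not a concern without saying why, so the next maintainer cannot tell whether this is a verified property or a guess. Knex sends the third argument of `where` as a bound parameter, which is why `word` cannot alter the statement text; I would record that instead, e.g. `// knex binds the value as a parameter, so word cannot change the SQL; % and _ in word still act as LIKE wildcards`. The wildcards are the remaining gap: `word` is interpolated into the pattern unescaped, so a caller can widen the match or submit patterns that are costly to evaluate. Escaping `%` and `_` (the escape syntax depends on the database in use, which is not visible here) or capping the length of `word` would close it. The enclosing method starts and ends outside this hunk, so whether `word` is validated earlier cannot be seen from here.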