Security - input sanitization (validation)


Hi,

I'm building a process (API endpoint) which starts with a user input from a Webflow form.

I am aware that it is good practice to sanitize such input on the backend, but I'm wondering whether that is an issue with a solution like Xano. I will have some simple validation on the form (for example a basic email format check), but it might not be enough to protect the database from potential SQL injection. Does Xano take care of that for me (out of the box), or should I add some kind of function to validate the input? If so, how would I go about it?

Comments

  • Sean Montgomery, Administrator

    @Tom Wolf great question. Xano escapes all inputs for you, so there is no need to worry about SQL injections.

    We may be opening up support for direct raw SQL queries in a new database statement within the function stack, but that is still being worked on. If there is any risk to SQL injections there, we will make sure to put warnings around the feature.
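
The distinction in the answer above, as an added example that is not Xano's code or part of the original thread: parameter binding (the equivalent of the escaping the platform does for you) keeps a hostile string from altering the SQL, while the format checks the question asks about are still the developer's job. The field names, length limits and sqlite3 table are assumptions made for the example.

```python
import re
import sqlite3

# Added example (not Xano's code): validate a Webflow-style form payload,
# then store it with bound parameters. Parameter binding / escaping stops the
# input from changing the SQL; validation enforces your own format rules.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
ALLOWED_FIELDS = {"name", "email"}
MAX_LEN = {"name": 100, "email": 254}

def validate_form(payload: dict) -> dict:
    """Return a cleaned copy of the payload or raise ValueError."""
    unknown = set(payload) - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    cleaned = {}
    for field in sorted(ALLOWED_FIELDS):
        value = payload.get(field)
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{field} is required")
        value = value.strip()
        if len(value) > MAX_LEN[field]:
            raise ValueError(f"{field} exceeds {MAX_LEN[field]} characters")
        cleaned[field] = value
    if not EMAIL_RE.match(cleaned["email"]):
        raise ValueError("email format is invalid")
    return cleaned

def is_valid(payload: dict) -> bool:
    """Boolean wrapper around validate_form, handy for tests."""
    try:
        validate_form(payload)
        return True
    except ValueError:
        return False

def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE submissions (name TEXT, email TEXT)")
    return conn

def store_submission(conn: sqlite3.Connection, payload: dict) -> str:
    """Validate, then insert. The '?' placeholders bind values as data, so a
    name like "x'); DROP TABLE submissions;--" is stored literally."""
    cleaned = validate_form(payload)
    conn.execute("INSERT INTO submissions (name, email) VALUES (?, ?)",
                 (cleaned["name"], cleaned["email"]))
    return conn.execute("SELECT name FROM submissions WHERE email = ?",
                        (cleaned["email"],)).fetchone()[0]
```

Building the statement with string formatting instead of `?` placeholders is what would turn the same name value into executable SQL; the validator alone would not catch it, since it only checks shape and length.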

  • Tom Wolf, Member

    Great, thanks @Sean Montgomery !