tauoverpi 4 days ago

How does fastn handle errors? Is it possible to perform the SQL query client side or does it prevent / add friction for such? Can I visit `/foo/";DROP%20TABLE%20users;/` or does it handle inputs properly?

1
amitu 1 day ago

So you can write SQL queries[1] in fastn documents, create dynamic urls[2], get request data[3], or write backend in wasm[4].

The inputs to SQL queries are passed using bind parameters[5], so it should not have an SQL injection issue.

FifthTry.com is built using fastn. You can check out the source code of lets-update[6] to see some open source fastn code.

[1]: https://fastn.com/sql/

[2]: https://fastn.com/dynamic-urls/

[3]: https://fastn.com/request-data/

[4]: https://fastn.com/wasm/

[5]: https://github.com/fastn-stack/fastn/blob/b639cdf59dd297f977...

[6]: https://github.com/fifthtry-community/lets-update
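
An added illustration, not part of the thread and not fastn's code: the URL from the question run through a concatenated query and through a bound-parameter query. Python's `sqlite3` stands in for the database layer; the `/foo/<slug>/` route, the `users` table contents and all helper names are assumptions.

```python
import sqlite3
from urllib.parse import unquote

REQUEST_PATH = '/foo/";DROP%20TABLE%20users;/'  # the URL from the question


def new_db():
    """Constructed in-memory database with a small users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    db.commit()
    return db


def slug(path):
    """Percent-decode the segment after /foo/ (hypothetical route /foo/<slug>/)."""
    return unquote(path.strip("/").split("/", 1)[1])


def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='users'"
    ).fetchone()
    return row[0] == 1


def lookup_concat(db, value):
    """Unsafe: the value is spliced into the SQL text and parsed as SQL."""
    sql = 'SELECT name FROM users WHERE name = "' + value + '";'
    try:
        db.executescript(sql)  # runs every statement it finds in the text
    except sqlite3.Error:
        pass  # the dangling quote fails to parse, after earlier statements ran
    # False on SQLite builds that accept double-quoted string literals (the default)
    return table_exists(db)


def lookup_bound(db, value):
    """Safe: the SQL text is fixed; the value travels separately as a parameter."""
    rows = db.execute("SELECT name FROM users WHERE name = ?", (value,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    print("decoded slug:", repr(slug(REQUEST_PATH)))
    print("bound lookup:", lookup_bound(new_db(), slug(REQUEST_PATH)))
    print("table survives concatenation:", lookup_concat(new_db(), slug(REQUEST_PATH)))
```

With the bound query the decoded segment is only ever compared as a string, so it can even be stored and looked up as a user name without changing the statement.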