
SQL Injection Vulnerability

📁 django/django 🔢 jkl3456 Security
file.js (line numbers are referenced by the hints below):

1 function findUserByUsername(username) {
2   const query = `SELECT * FROM users WHERE username = '${username}'`;
3   return database.query(query);
4 }
5
6 function deleteUser(userId) {
7   const query = `DELETE FROM users WHERE id = ${userId}`;
8   return database.query(query);
9 }

Hints:

  • Line 2: Direct string interpolation allows SQL injection
  • Line 7: Second SQL injection vulnerability in delete operation
  • Both functions should use parameterized queries (a fixed SQL string with the user-supplied value bound as a parameter) instead of string interpolation; for deleteUser, also check that userId is actually an integer before it reaches the query.
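The following is an added example, not the challenge's own code or reference solution. It places the two vulnerable query builders next to hardened versions of findUserByUsername and deleteUser that use parameterized queries, and shows with a constructed payload why interpolation fails while binding does not. The `db` object is a stand-in whose query(text, params) signature mirrors drivers such as node-postgres; it only records what it receives, so the block runs offline with no database.

```javascript
// Added example (not the challenge's original code). `db` is a constructed
// stand-in for a real driver: it records the SQL text and bound parameters it
// is given instead of executing them.

// Vulnerable originals from the challenge, reduced to the string they build so
// the effect of a payload can be inspected directly.
function buildVulnerableFindQuery(username) {
  return `SELECT * FROM users WHERE username = '${username}'`;
}

function buildVulnerableDeleteQuery(userId) {
  return `DELETE FROM users WHERE id = ${userId}`;
}

// Stand-in driver. A real driver sends `text` and `params` to the server
// separately, so the server never parses the parameter values as SQL.
const db = {
  calls: [],
  query(text, params = []) {
    this.calls.push({ text, params });
    return { text, params };
  },
};

// Hardened: the SQL text is a constant; the username travels only as a bound
// parameter. ($1 is node-postgres placeholder syntax; mysql2 uses ?.)
function findUserByUsername(username) {
  if (typeof username !== 'string') {
    throw new TypeError('username must be a string');
  }
  return db.query('SELECT * FROM users WHERE username = $1', [username]);
}

// Hardened: bind the id and, in addition, reject anything that is not a
// positive integer before a query is built at all.
function deleteUser(userId) {
  if (!Number.isInteger(userId) || userId <= 0) {
    throw new RangeError('userId must be a positive integer');
  }
  return db.query('DELETE FROM users WHERE id = $1', [userId]);
}

// Payloads constructed for the demonstration.
const loginBypass = "' OR '1'='1";   // closes the quoted literal, adds a tautology
const deleteAll = '1 OR 1=1';        // widens the WHERE clause to every row

// Interpolation lets the payload change the query's structure.
const injectedFind = buildVulnerableFindQuery(loginBypass);
const injectedDelete = buildVulnerableDeleteQuery(deleteAll);

// Binding keeps the same payload as an ordinary parameter value.
const safeFind = findUserByUsername(loginBypass);
const safeDelete = deleteUser(7);
```

With the stand-in, injectedFind is `SELECT * FROM users WHERE username = '' OR '1'='1'` and injectedDelete is `DELETE FROM users WHERE id = 1 OR 1=1`, both matching every row, whereas safeFind carries the unchanged constant `SELECT * FROM users WHERE username = $1` with the payload sitting in params[0] as plain data. Calling deleteUser('1 OR 1=1') throws before any query is built; the type check is a second line of defence, not a replacement for binding.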
