I use Kotlin Exposed to create queries. But I faced a problem when I have to use a parameter received from a client:
    private fun accountInfo(msg: AccountInfoMsg) {
        transaction {
            val accountInfo = UserAccount.wrapRow(Account.innerJoin(Account_Banned).select {
                Account.email.eq(msg.login.toLowerCase()) and (Account.id eq Account_Banned.accountId)
            }.single())
        }
    }
So how to create a prepared statement or how to pass a parameter with possible SQL injection?
Exposed does this for you under the covers. Because it delegates this work down to a PreparedStatement, it's handled for you. If you want to sanity check your inputs, you should do so for business reasons, leaving the rest up to Exposed.
Edit: I believe the source of Statement in Exposed shows this in action. Delegation to PreparedStatement is all you need to prevent a SQL Injection Attack here.
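To see the answer's point for yourself, the following added example (not code from the question or from the Exposed project) prints the SQL that Exposed hands to the JDBC driver for a DSL query built from a hostile client value, and contrasts it with the string-concatenated query that the DSL spares you from writing. It assumes the same `select { }` DSL the question uses, an H2 in-memory database with the H2 driver on the classpath, Kotlin 1.5+ for `lowercase()`, and a constructed minimal `Account` table that stands in for the question's real schema.

```kotlin
import org.jetbrains.exposed.sql.*
import org.jetbrains.exposed.sql.transactions.transaction

// Constructed stand-in for the question's Account table (assumption, not the real schema).
object Account : Table("account") {
    val id = integer("id").autoIncrement()
    val email = varchar("email", 255)
    override val primaryKey = PrimaryKey(id)
}

fun main() {
    // Assumption: H2 in-memory database, com.h2database:h2 on the classpath.
    Database.connect("jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1", driver = "org.h2.Driver")

    // A classic tautology payload, standing in for msg.login from an untrusted client.
    val hostileLogin = "x' OR '1'='1"

    transaction {
        SchemaUtils.create(Account)
        Account.insert { it[email] = "alice@example.com" }
        Account.insert { it[email] = "bob@example.com" }

        // The DSL query from the question, reduced to the part that takes client input.
        val query = Account.select { Account.email eq hostileLogin.lowercase() }

        // What Exposed generates for the PreparedStatement: a bind placeholder, never the literal.
        println(query.prepareSQL(QueryBuilder(prepared = true)))
        // SELECT account.id, account.email FROM account WHERE account.email = ?

        // The payload is bound as a plain string value, so it matches no row.
        println("rows via DSL: ${query.count()}")   // rows via DSL: 0

        // The unsafe alternative the DSL avoids: interpolating the client value into SQL text.
        // The quote in the payload closes the literal and the OR makes the WHERE clause always true.
        val unsafeSql = "SELECT * FROM account WHERE email = '${hostileLogin.lowercase()}'"
        println(unsafeSql)
        // SELECT * FROM account WHERE email = 'x' OR '1'='1'
        val leaked = exec(unsafeSql) { rs ->
            var n = 0
            while (rs.next()) n++
            n
        }
        println("rows via string concatenation: $leaked")   // rows via string concatenation: 2
    }
}
```

The `prepareSQL(QueryBuilder(prepared = true))` line is the quickest sanity check if you are ever unsure whether a particular DSL construct parameterises its argument: if the client-controlled text shows up in that string instead of a `?`, it is being inlined and deserves a second look. Raw SQL passed to `exec` is the one place in Exposed where that responsibility is entirely yours.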