|
|
|
|
|
|
by simonw
375 days ago
|
|
|
My interpretation of that pattern is that it wouldn't work like that, because you restrict the SQL queries to things like: select title, content from articles where content matches ?
So the user's original prompt is used as part of the SQL search parameters, but the actual content that comes back is entirely trusted (title and content from your articles database).Won't work for `select body from comments` though, you could only do this against tables that contain trusted data as opposed to UGC. |
|
|