by oxfordmale 318 days ago
Thanks for sharing this, very brave.

Looking at the code, there is a good chance this codebase is vulnerable to SQL injection.


I will not be surprised if there is but that is not a problem that cannot be fixed with some effort. The point is if we can produce deployable, full-stack apps, which are manageable, this changes what it means for software and for startups.

I live in a remote village in the Himalayas, WB, India that I am sure no one on HN has heard of. I got 5G based broadband that is flaky just a few weeks back. By the end of this year, I am sure I will be able to attempt 4-5 products and market them more than I have ever done in my 16 years of professional life.

Software development has changed, forever.

The design is fundamentally flawed, with queries in close to a hundred .js files.

Perhaps you market and sell a few, but it looks insecure and would be hard to refactor.

Are you sure of queries in `.js` files? Or do you mean `.rs` files?

  grep -r -i --include="*.jsx" --include="*.tsx" "SELECT\|INSERT\|UPDATE\|DELETE" ./adminapp

  grep -r -i --include="*.jsx" --include="*.tsx" "SELECT\|INSERT\|UPDATE\|DELETE" ./menuapp
Apologies, they are in JSON files. GitHub truncated the last two characters on my mobile.

https://github.com/brainless/letsorder/blob/main/backend/.sq...

I had the same doubt early on, I had asked Claude and checked this:

https://docs.rs/sqlx/latest/sqlx/macro.query.html#offline-mo...

Looks like we are supposed to check them into version control.
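An added audit script (not part of the thread or the letsorder project) that checks the two things discussed above: it reads the query metadata JSON that sqlx's offline mode writes under `.sqlx/` and counts bound placeholders per query, and it scans Rust source for runtime `sqlx::query(...)` calls whose SQL is not a string literal, which is where string-built queries would come from. The JSON field layout and the Rust snippets are constructed sample input; only the `query` field is assumed from sqlx's offline mode.

```python
import json
import re

# Constructed sample of the per-query JSON that sqlx offline mode stores in .sqlx/.
# Field layout is an assumption based on sqlx's offline mode docs; only "query" is used.
SAMPLE_SQLX_FILES = {
    "query-1a2b.json": json.dumps({
        "db_name": "SQLite",
        "query": "SELECT id, name FROM menus WHERE restaurant_id = ?1",
        "describe": {"columns": [], "parameters": {"Right": 1}, "nullable": []},
        "hash": "1a2b",
    }),
    "query-3c4d.json": json.dumps({
        "db_name": "SQLite",
        "query": "SELECT id FROM restaurants",
        "describe": {"columns": [], "parameters": {"Right": 0}, "nullable": []},
        "hash": "3c4d",
    }),
}

# Constructed Rust snippets: query! takes a literal checked at compile time with a bound
# argument; the second builds the SQL text at runtime and passes it to sqlx::query().
SAMPLE_RUST = {
    "safe.rs": 'let row = sqlx::query!("SELECT id FROM menus WHERE id = ?1", menu_id)\n'
               '    .fetch_one(&pool).await?;',
    "risky.rs": 'let sql = format!("SELECT id FROM menus WHERE id = {}", menu_id);\n'
                'let row = sqlx::query(&sql).fetch_one(&pool).await?;',
}

PLACEHOLDER = re.compile(r"\$\d+|\?\d*")          # $1 (Postgres) or ?1 / ? (SQLite)
RUNTIME_CALL = re.compile(r"sqlx::query(?:_as|_scalar)?\s*\(\s*([^),]*)")


def audit_sqlx_dir(files):
    """Return (file name, placeholder count) for each offline query metadata file."""
    results = []
    for name, text in sorted(files.items()):
        query = json.loads(text)["query"]
        results.append((name, len(PLACEHOLDER.findall(query))))
    return results


def find_runtime_built_queries(sources):
    """Flag sqlx::query(...) calls whose first argument is not a string literal."""
    flagged = []
    for name, code in sorted(sources.items()):
        for match in RUNTIME_CALL.finditer(code):
            arg = match.group(1).strip()
            if not arg.startswith('"'):
                flagged.append((name, arg))
    return flagged
```

Every file in `.sqlx/` came from a literal passed to the `query!` macros, so the first check is a review aid; the second check is the one that surfaces SQL assembled from runtime values.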