Function concatsql::without_escape

pub unsafe fn without_escape<T: ?Sized + ToString>(query: &T) -> WrapString<'_>

Wraps the value without escaping it.

Do not use this if the value is untrusted (e.g. supplied by a user).

Danger

let age = String::from("42 or 1=1; --");  // input by attacker
// `without_escape` splices `age` into the statement verbatim, so the
// injected predicate survives into the final SQL text (see the assertion below).
let sql = prep!("SELECT name FROM users WHERE age < ") + unsafe { without_escape(&age) };
assert_eq!(sql.simulate(), "SELECT name FROM users WHERE age < 42 or 1=1; --");
// The tampered query is not rejected: `rows(&sql)` returns Ok.
assert!(conn.rows(&sql).is_ok());

Safety

  • Pass only values from trusted sources
  • Use only in contexts where SQL injection cannot occur