What's wrong with this SQL IN clause?

What's wrong with this SQL IN clause in a permissions check. The SQL code builds an IN list from user input without parameterization. In SQL services this enables injection and data leaks.

#whatswrongwiththissqlquery #sqlbug #sqlproductionbug #sqldebugging #sqldatabase #sqlcodereview #sqlperformance #sqlreliability #sqlanalytics #sqldataintegrity #sqlengineering #sqlinjection #sqlinclause #sqlsecurity #sqlper...

https://www.youtube.com/watch?v=YtxP2ye7rJ4

What's wrong with this SQL order by?

What's wrong with this SQL order by in a search endpoint. The SQL code interpolates a user supplied sort field, enabling injection. In SQL backends this exposes data and crashes queries.

#whatswrongwiththissqlquery #sqlbug #sqlproductionbug #sqldebugging #sqldatabase #sqlcodereview #sqlperformance #sqlreliability #sqlanalytics #sqldataintegrity #sqlengineering #sqlinjection #sqlorderby #sqlquery #sqlsecurity

https://www.youtube.com/watch?v=enGz-KrHnx4