Security

Sql security

All the sql queries are run as prepared statement

You cannot create prepare statement (with order as param) It won’t run properly!

{
  "type": "sql-select",
  "id": "player-list",
  "connection": "sample-database-connection",
  "query": "SELECT player.* FROM app.player where username is not null ORDER BY id :orderDirection",
  "resultType": "list",
  "params": [
    {
      "paramName": "orderDirection",
      "type": "string",
      "required": true
    }
  ]
}

Just use Query Builder