Genie Discord forum

zoë
11/17/2023, 3:52:31 AM

I have a route

route("/users/:users_id::Int", get_user, method = GET)

and I'm wondering if I have to input-sanitize / double-check that the payload(:users_id) that I get within the get_user function returns an Int? Does specifying the route like that as a typed param mean that I don't have to typecheck within the function? I'm passing this to a SQL query so I want to double-check that it's an Int so I don't get injected. I'm unclear about what happens behind the scenes when I declare the :users_id::Int param within the route.

Pere
11/20/2023, 8:47:22 AM

If you pass a parameter of the wrong type, the route handler will not run and it will throw a 404 error. Also, in the terminal you'll see something like this:

Error: 2023-11-20 09:43:28 ArgumentError("invalid base 10 digit 'a' in "addasd"")

essenciary
12/5/2023, 4:22:15 PM

if it can't be converted to the indicated type, the route won't match
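
Added example, not part of the thread and not Genie's own code: a handler for the route above that keeps the query safe independently of the route's type annotation by sending the id as a bound parameter. SQLite.jl, the `users` table, the sample row and the `find_user` helper are assumptions made for illustration.

```julia
using Genie, Genie.Requests, Genie.Renderer.Json
using SQLite, DBInterface

# Constructed sample data in an in-memory database (assumption for this example).
const DB = SQLite.DB()
DBInterface.execute(DB, "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
DBInterface.execute(DB, "INSERT INTO users (id, name) VALUES (?, ?)", (1, "alice"))

# Hypothetical helper. The id travels as a bound parameter and is never
# interpolated into the SQL text, so the statement stays injection-safe even
# if the ::Int annotation is later dropped from the route or this function is
# called from another code path.
function find_user(db::SQLite.DB, id::Integer)
    rows = DBInterface.execute(db, "SELECT id, name FROM users WHERE id = ?", (id,))
    for row in rows
        return Dict("id" => row.id, "name" => row.name)
    end
    return nothing  # no row with that id
end

function get_user()
    id = payload(:users_id)
    # With the typed route this is already an Int when the handler runs
    # (a non-numeric segment never reaches it, as described in the replies).
    # The check documents that invariant and fails closed if the route changes.
    id isa Integer || return json(Dict("error" => "invalid id"); status = 400)

    user = find_user(DB, id)
    user === nothing && return json(Dict("error" => "not found"); status = 404)
    return json(user)
end

route("/users/:users_id::Int", get_user, method = GET)
```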