The library can protect against SQL injection-related errors?

[alexTvirus]

Does this library have any mechanisms to prevent SQL injection attacks or intrusions, similar to the methods described here: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html?

[demmings]

Hey alexTvirus,
This SQL custom function has not considered any security in its development. Since the primary use of this function is within my sheets as a custom function and also used within my own apps script for easily loading data - I have not worried about injection attacks.
If you use BIND variables for building your select statement, it should not be possible for injection attacks from that perspective - but if you build a select using data from a cell, it would be possible in that case.
gsSQL is not overly sophisticated and injections would be possible in certain cases.

[alexTvirus]

thanks sir !
May I ask one more question? Does your library allow access to data across multiple different spreadsheet files?

[demmings]

You should be able to. When you define each table, you need to specify where it is located. For example, reading from my financial tracking sheets to my taxes sheets is like this:

=gsSQL("select age from taxes", "taxes", importrange( "https://docs.google.com/spreadsheets/d/12345", "sheet1!b1:b32"))

of course you need to make sure that your importrange is working properly. The reference data in importrange also needs to have the first row with a title that I can use as a column name.