Code Room
Vibe codingMediumvc-g498
Subject Ai code reviewLevel Mid–Senior~15 minCommon in Security · Databases & SQL · Algorithms & data structures interviewsIndustries Software development

Question

An AI generated this Flask search endpoint. It returns correct results in testing. A pentester drops a payload and dumps the whole users table. Identify the vulnerability and the precise fix — including the subtle reason the 'obvious' fix is also wrong here.

python
@app.route("/search")def search():    q = request.args.get("q", "")    sort = request.args.get("sort", "created_at")    sql = f"SELECT id, title FROM posts WHERE title LIKE '%{q}%' ORDER BY {sort}"    rows = db.execute(sql).fetchall()    return jsonify([dict(r) for r in rows])
What a strong answer looks like

Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.

Describe your solution

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.

Run or narrate your approach, then ask the coach.