Warning about injection attacks #15
Description
Your comment in the README:
A more thorough SQL injection security review
Had given me the impression that there was preventative measures already in place to prevent injection. Thankfully I reviewed the code before deploying, and saw that the only thing sanitized is the search string. Some people, even without reading the above comment, might not think to check for injection because they're used to working with ORMs, and might make assumptions about node-datatable having similar features.
Might be overkill, but might also not hurt to have a disclaimer in the API section saying
When using user-provided values as data for any part of the query, be sure to sanitize it first