Sanitize user input


I have a general question regarding the methods validateQuery(ctx) and sanitizeQuery(ctx).

E.g. I have a custom route to create an entity. This is what the corresponding controller method looks like:

  async create(ctx) {
    const requestBody = ctx.request.body;
    const uuid = uuidV4();

    const data = { ...requestBody, uuid };
    await strapi.entityService.create("api::institution.institution", { data });

Is it safe to write the user data directly in the database like this? Or do I need to call one of the above methods before.

When logging the result of sanitizeQuery(ctx) it seems like the method returns an empty object.

Thanks for your answers :slight_smile: