From 692d19d9bdecef325a955554092c6c6ea084180c Mon Sep 17 00:00:00 2001 From: eiffel-org Date: Fri, 3 Feb 2017 18:18:09 +0000 Subject: [PATCH] Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier). git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1773 abb3cda0-5349-4a8f-a601-0c33ac3a8c38 --- .../eiffelstore/EiffelStore-SQL-injection.wiki | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki index 4d3d9283..c316f930 100644 --- a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki +++ b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki @@ -18,7 +18,7 @@ An SQL injection attack is a coding technique that inserts, or "injects", an SQL = Template Query = -A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic +A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic. {{Note|the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack.}} @@ -27,4 +27,7 @@ Variables syntax is simple: the ':' special character followed by the variable n SELECT * FROM TABLE_NAME WHERE field1 = :value +{{SeeAlso| To learn more about EiffelStore query variables read the following article}} +* [https://www.eiffel.org/doc/solutions/Query%20variables Query Variables] +
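Review bot: In the first hunk the added trailing period fixes the end of the sentence but leaves the doubled terminator ".)." earlier in the same line; suggest "(bind variables to the query)." so the parenthetical carries a single period. The same line's "avoid a SQL Injection attack" is inconsistent with the surrounding text, which uses "An SQL injection attack" (see the hunk's context line); suggest "an SQL injection attack" and "whether your query is safe" rather than "if your query is safe". Since the {{Note|...}} on the following line tells readers that the way variables are bound decides whether the query is safe, it would be more useful if it also said which way is the safe one, namely passing values through the query's placeholders rather than building the SQL string by concatenation, which is what the template-query sentence in this hunk is describing.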
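Review bot: In the second hunk the {{SeeAlso|...}} text "To learn more about EiffelStore query variables read the following article" needs a comma after "variables" and a closing period, and the bullet with the link sits outside the template on its own line; putting the link inside the SeeAlso text (or ending the template text with a colon so the bullet reads as its continuation) would keep the cross-reference together. The hunk also appends an empty "+" line at the end of the file, which adds a stray trailing blank line; drop it unless the wiki renderer needs it.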