Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by: admin).

git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1768 abb3cda0-5349-4a8f-a601-0c33ac3a8c38
This commit is contained in:
eiffel-org
2017-02-03 16:47:57 +00:00
parent 4db6e96872
commit 6966549462


@@ -1,24 +1,20 @@
[[Property:link_title|SQL injection]] [[Property:link_title|SQL injection]]
[[Property:uuid|438C838C-C115-44B4-8480-05A825FE1047]] [[Property:uuid|438C838C-C115-44B4-8480-05A825FE1047]]
[[Property:weight|4]] [[Property:weight|4]]
[[Property:title|EiffelStore SQL injection]] [[Property:title|Defending against SQL injections with EiffelStore]]
[[Property:weight|4]] [[Property:weight|4]]
<span id="Introduction"></span> = Introduction =
In this article we will explain you how to use EiffelStore API to avoid SQL injections. In this article we will explain you how to use EiffelStore API to avoid SQL injections.
<span id="SQL Injection"></span> = What is an SQL injection? =
= 1. What is an SQL injection? =
An SQL injection attack is a coding technique that inserts, or "injects", an SQL query via the input data, passing unsafe input from the client to the application. A successful SQL injection can enable the attacker to read sensitive data from the database, modify database data (Insert/Update/Delete), or become administrator of the database server. To learn more about SQL injection, read the following articles. An SQL injection attack is a coding technique that inserts, or "injects", an SQL query via the input data, passing unsafe input from the client to the application. A successful SQL injection can enable the attacker to read sensitive data from the database, modify database data (Insert/Update/Delete), or become administrator of the database server. To learn more about SQL injection, read the following articles.
* [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection] * [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection]
* [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection] * [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection]
= Template Query =
<span id="Template queries"></span>
= 2. Template Query =
A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic
{{Note|the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack.}} {{Note|the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack.}}
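Review bot: the definition in the "What is an SQL injection?" paragraph is wrong in both the old and the new text: an SQL injection is an attack technique, not a "coding technique", and what gets injected is attacker-controlled SQL carried in the input data, so the sentence should read along the lines of "An SQL injection attack inserts, or 'injects', attacker-controlled SQL into a query via the application's input data, passing unsafe input from the client to the database." Three smaller points in the same hunk: `[[Property:weight|4]]` appears twice (once after the uuid line and again after the title line), so one copy should be dropped; the new hand-numbered headings `= 1. What is an SQL injection? =` and `= 2. Template Query =` will drift as soon as a section is inserted, and the anchor `<span id="Template queries"></span>` no longer matches its heading text "Template Query"; and "we will explain you how to use EiffelStore API" should be "we will explain how to use the EiffelStore API", with the Template Query paragraph missing its final period after "static or dynamic".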