From 7ccbd7e5d2eae2e529a9a0fd3850863a0f4012f9 Mon Sep 17 00:00:00 2001 From: eiffel-org Date: Fri, 3 Feb 2017 18:14:22 +0000 Subject: [PATCH] Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier). git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1772 abb3cda0-5349-4a8f-a601-0c33ac3a8c38 --- .../eiffelstore/EiffelStore-SQL-injection.wiki | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki index b9a21c80..4d3d9283 100644 --- a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki +++ b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki @@ -11,10 +11,11 @@ In this article we will explain you how to use EiffelStore API to avoid SQL inje = What is an SQL injection? = An SQL injection attack is a coding technique that inserts, or "injects", an SQL query via the input data, passing unsafe input from the client to the application. A successful SQL injection can enable the attacker to read sensitive data from the database, modify database data (Insert/Update/Delete), or become administrator of the database server. To learn more about SQL injection, read the following articles. -{{SeeAlso| +{{SeeAlso| To learn more about SQL injection, read the following articles. }} + * [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection] * [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection] -}} + = Template Query = A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic