mirrors/eiffel-org
1
0
Fork 0
mirror of https://github.com/EiffelSoftware/eiffel-org.git synced 2025-12-07 15:22:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier).

Browse Source 
git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1771 abb3cda0-5349-4a8f-a601-0c33ac3a8c38
This commit is contained in:
eiffel-org
2017-02-03 18:13:14 +00:00
parent cbfc6d93a1
commit ae469515a7
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki
View File

@@ -11,8 +11,10 @@ In this article we will explain you how to use EiffelStore API to avoid SQL inje
= What is an SQL injection? = = What is an SQL injection? =
An SQL injection attack is a coding technique that inserts, or "injects", an SQL query via the input data, passing unsafe input from the client to the application. A successful SQL injection can enable the attacker to read sensitive data from the database, modify database data (Insert/Update/Delete), or become administrator of the database server. To learn more about SQL injection, read the following articles. An SQL injection attack is a coding technique that inserts, or "injects", an SQL query via the input data, passing unsafe input from the client to the application. A successful SQL injection can enable the attacker to read sensitive data from the database, modify database data (Insert/Update/Delete), or become administrator of the database server. To learn more about SQL injection, read the following articles.
{{SeeAlso|
* [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection] * [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection]
* [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection] * [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection]
}}
= Template Query = = Template Query =
A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic
@@ -20,7 +22,7 @@ A template query is a string containing the fixed parts of the query and placeho
{{Note|the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack.}} {{Note|the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack.}}
== How to define placeholders (variables) in a SQL Template query? == == How to define placeholders (variables) in a SQL Template query? ==
Variables syntax is simple: the ':' special character followed by the variable name, something like <code>:value</code> Variables syntax is simple: the ':' special character followed by the variable name, for example <code>:value</code>
<code>SELECT * FROM TABLE_NAME WHERE field1 = :value</code> <code>SELECT * FROM TABLE_NAME WHERE field1 = :value</code>