From cbfc6d93a15194ae0f7d91eb456781fce5eff67b Mon Sep 17 00:00:00 2001 From: eiffel-org Date: Fri, 3 Feb 2017 18:10:52 +0000 Subject: [PATCH] Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier). git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1770 abb3cda0-5349-4a8f-a601-0c33ac3a8c38 --- .../eiffelstore/EiffelStore-SQL-injection.wiki | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki index 08c9d02d..f0277a2c 100644 --- a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki +++ b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki @@ -19,3 +19,9 @@ A template query is a string containing the fixed parts of the query and placeho {{Note|the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack.}} +== How to define placeholders (variables) in a SQL Template query? == +Variables syntax is simple: the ':' special character followed by the variable name, something like :value + + SELECT * FROM TABLE_NAME WHERE field1 = :value + +
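Review bot: the new "How to define placeholders" section states the placeholder syntax but not its boundaries, which a reader needs to write the template safely: say which characters may make up the variable name (i.e. where the name ends) and how a literal ':' inside a string constant in the query is treated, since the only example is `field1 = :value`. The Note immediately above the hunk says the way variables are bound decides whether the query is safe from SQL injection, yet the added text stops at the placeholder syntax; add a sentence pointing the reader to the binding step that the Note refers to so the two halves connect. Minor wording: "Variables syntax is simple" should read "Variable syntax is simple", and the two trailing `+` lines (one with a trailing space) leave blank lines with whitespace at the end of the file.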