From d4aac9bc6629a4d6d605ac7294c8668f47a1bb68 Mon Sep 17 00:00:00 2001 From: eiffel-org Date: Fri, 3 Feb 2017 18:33:06 +0000 Subject: [PATCH] Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier). git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1778 abb3cda0-5349-4a8f-a601-0c33ac3a8c38 --- .../database-access/eiffelstore/EiffelStore-SQL-injection.wiki | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki index 9bd251fd..839c34fd 100644 --- a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki +++ b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki @@ -63,7 +63,7 @@ using feature BD_SELECTION.set_map_name and the API is responsible === Unsafe binding === If you use your own binding to map variables names to values, for example using String replacement, EiffelStore does not ensure that your query is safe, because it will depend on how do you handle escaping inputs before adding them to the query. -The following example shows how we can bypass the EiffelStore API to bind placeholders using an unsafe String replacement, in this case, is up to the developer to escape the input value. The example is unsafe and subject to SQL Injections attacks when the input is unsafe as in the example. +The following example shows how we can bypass the EiffelStore API to bind placeholders using an unsafe String replacement, in this case, is up to the developer to escape the input value. The example is unsafe and subject to SQL Injections attacks when the input is unsafe. unsafe_query
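Review bot: On the changed `+` line under "Unsafe binding", the final sentence is still circular ("The example is unsafe ... when the input is unsafe") and makes the risk sound conditional on the input rather than on the missing escaping. The string replacement places whatever value it is given into the query text, so I would state it as "The example is vulnerable to SQL injection whenever the input value is not escaped before the replacement." I would also point the reader back to the set_map_name binding described just above this section as the safe alternative. While touching this line, two wording fixes would help: "in this case, is up to the developer" is missing its subject and should start a new sentence ("In this case it is up to the developer to escape the input value"), and "SQL Injections attacks" should read "SQL injection attacks".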