mirrors/eiffel-org
1
0
Fork 0
mirror of https://github.com/EiffelSoftware/eiffel-org.git synced 2025-12-07 15:22:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier).

Browse Source 
git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1778 abb3cda0-5349-4a8f-a601-0c33ac3a8c38
This commit is contained in:
eiffel-org
2017-02-03 18:33:06 +00:00
parent ab9267fdb4
commit d4aac9bc66
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki
View File

@@ -63,7 +63,7 @@ using feature <code> BD_SELECTION.set_map_name</code> and the API is responsible
=== Unsafe binding === === Unsafe binding ===
If you use your own binding to map variables names to values, for example using String replacement, EiffelStore does not ensure that your query is safe, because it will depend on how do you handle escaping inputs before adding them to the query. If you use your own binding to map variables names to values, for example using String replacement, EiffelStore does not ensure that your query is safe, because it will depend on how do you handle escaping inputs before adding them to the query.
The following example shows how we can bypass the EiffelStore API to bind placeholders using an unsafe String replacement, in this case, is up to the developer to escape the input value. The example is unsafe and subject to SQL Injections attacks when the input is unsafe as in the example. The following example shows how we can bypass the EiffelStore API to bind placeholders using an unsafe String replacement, in this case, is up to the developer to escape the input value. The example is unsafe and subject to SQL Injections attacks when the input is unsafe.
<code> <code>
unsafe_query unsafe_query