From dad2176b15c5dc4f24dddf970f904102f121e19a Mon Sep 17 00:00:00 2001 From: eiffel-org Date: Fri, 3 Feb 2017 13:31:21 +0000 Subject: [PATCH] Update wikipage EiffelStore SQL injection. (Signed-off-by:javier). git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1763 abb3cda0-5349-4a8f-a601-0c33ac3a8c38 --- .../eiffelstore/EiffelStore-SQL-injection.wiki | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki index 16a9059f..2e62b0fd 100644 --- a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki +++ b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki @@ -8,10 +8,17 @@ In this article we will explain you how to use EiffelStore API to avoid SQL injections. -= 1. What is the meaning of SQL injection?? = + += 1. What is the meaning of SQL injection? = A SQL injection attack is a coding technique that consists of insertion or "injection" of a SQL query via the input data (passing unsafe data. ) from the client to the application. A successful SQL injection, can read sensitive data from the database, modify database data (Insert/Update/Delete), and become administrators of the database server. To learn more about SQL injection read the following articles. * [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection] * [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection] + += 2. Template Query = +A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic + +Note: the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack. +