Update wikipage EiffelStore SQL injection. (Signed-off-by:javier).

git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1763 abb3cda0-5349-4a8f-a601-0c33ac3a8c38
This commit is contained in:
eiffel-org
2017-02-03 13:31:21 +00:00
parent 41d3d30167
commit dad2176b15


@@ -8,10 +8,17 @@
In this article we will explain you how to use EiffelStore API to avoid SQL injections. In this article we will explain you how to use EiffelStore API to avoid SQL injections.
<span id="SQL Injection"></span> <span id="SQL Injection"></span>
= 1. What is the meaning of SQL injection?? =
= 1. What is the meaning of SQL injection? =
A SQL injection attack is a coding technique that consists of insertion or "injection" of a SQL query via the input data (passing unsafe data. ) from the client to the application. A successful SQL injection, can read sensitive data from the database, modify database data (Insert/Update/Delete), and become administrators of the database server. To learn more about SQL injection read the following articles. A SQL injection attack is a coding technique that consists of insertion or "injection" of a SQL query via the input data (passing unsafe data. ) from the client to the application. A successful SQL injection, can read sensitive data from the database, modify database data (Insert/Update/Delete), and become administrators of the database server. To learn more about SQL injection read the following articles.
* [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection] * [https://en.wikipedia.org/wiki/SQL_injection https://en.wikipedia.org/wiki/SQL_injection]
* [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection] * [https://www.owasp.org/index.php/SQL_injection https://www.owasp.org/index.php/SQL_injection]
<span id="Template queries"></span>
= 2. Template Query =
A template query is a string containing the fixed parts of the query and placeholders for the variable parts, and you can later substitute in values into those placeholders. (Bind variables to the query.). A template query could be static or dynamic
Note: the way you bind variables to the query is quite important and it will define if your query is safe and avoid a SQL Injection attack.
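Review bot: The definition in the "What is the meaning of SQL injection?" section describes SQL injection as "a coding technique"; it is an attack technique that exploits a coding defect, so suggest "A SQL injection attack is an attack technique in which a SQL query (or fragment) is inserted, or 'injected', via input data passed from the client to the application". The same sentence has stray punctuation ("passing unsafe data. )", "A successful SQL injection, can read") and an attack cannot "become administrators"; suggest "and can gain administrative control of the database server". In the new "Template Query" section, "(Bind variables to the query.)." doubles the period and "could be static or dynamic" lacks one. The closing Note is the security-relevant point of the section but leaves the reader to guess what "the way you bind variables" means; suggest stating it directly, for example: "Substituting user-supplied values into the query text by string concatenation or formatting is unsafe; binding them as parameters through the API's placeholder mechanism keeps data separate from the query and prevents injection", so that the later examples are read against an explicit safe/unsafe distinction.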