From f0722d6639ee96cf59a7684074ec95889cafbf75 Mon Sep 17 00:00:00 2001 From: eiffel-org Date: Thu, 11 Oct 2018 20:09:40 +0000 Subject: [PATCH] Missing space. Updated wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier). git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@2086 abb3cda0-5349-4a8f-a601-0c33ac3a8c38 --- .../eiffelstore/EiffelStore-SQL-injection.wiki | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/documentation/18.07/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki b/documentation/18.07/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki index 839c34fd..6bbf6d41 100644 --- a/documentation/18.07/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki +++ b/documentation/18.07/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki @@ -1,3 +1,5 @@ +[[Property:modification_date|Thu, 11 Oct 2018 20:09:39 GMT]] +[[Property:publication_date|Thu, 11 Oct 2018 20:09:39 GMT]] [[Property:link_title|SQL injection]] [[Property:uuid|438C838C-C115-44B4-8480-05A825FE1047]] [[Property:weight|4]] @@ -57,8 +59,7 @@ The following example shows an attempt to do an SQL Injection attack, but as we end -As you can observe in the previous example the binding to map the variable name :datetime to their value is done -using feature BD_SELECTION.set_map_name and the API is responsible to do the necessary encoding. +As you can observe in the previous example the binding to map the variable name :datetime to their value is done using feature BD_SELECTION.set_map_name and the API is responsible to do the necessary encoding. === Unsafe binding === If you use your own binding to map variables names to values, for example using String replacement, EiffelStore does not ensure that your query is safe, because it will depend on how do you handle escaping inputs before adding them to the query.
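Review bot: in the first hunk (@@ -1,3 +1,5 @@), the added Property:publication_date line carries exactly the same timestamp as the added Property:modification_date line, although the diff shows the page already existed (index 839c34fd..6bbf6d41, not a new file). If publication_date is meant to record when the page first went live, stamping it with the time of this edit loses that information; consider setting it to the original date, or adding only modification_date. The subject "Missing space." also says nothing about the metadata change, so a short mention in the commit message would make the history easier to follow.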