From f0eb5cbd455d8d07c972020c834b5c448a239e7b Mon Sep 17 00:00:00 2001 From: eiffel-org Date: Fri, 3 Feb 2017 18:21:02 +0000 Subject: [PATCH] Update wikipage Defending against SQL injections with EiffelStore. (Signed-off-by:javier). git-svn-id: https://svn.eiffel.com/eiffel-org/trunk@1774 abb3cda0-5349-4a8f-a601-0c33ac3a8c38 --- .../eiffelstore/EiffelStore-SQL-injection.wiki | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki index c316f930..71d828e6 100644 --- a/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki +++ b/documentation/trunk/solutions/database-access/eiffelstore/EiffelStore-SQL-injection.wiki @@ -30,4 +30,10 @@ Variables syntax is simple: the ':' special character followed by the variable n {{SeeAlso| To learn more about EiffelStore query variables read the following article}} * [https://www.eiffel.org/doc/solutions/Query%20variables Query Variables] +==How to bind variables/placeholders to a template query.== + +To avoid SQL Injections you will need to map variables names to values using the EiffelStore API (using EiffelStore supported connectors) + +* Queries returning a result will need to use: DB_SELECTION +* Queries updating the database (Insert, Update, Delete) will need to use: DB_CHANGE
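Review bot: The new section tells the reader that variable names must be mapped to values through the EiffelStore API but never shows the mapping, so the two bullets "Queries returning a result will need to use: DB_SELECTION" and "Queries updating the database (Insert, Update, Delete) will need to use: DB_CHANGE" leave the security point incomplete; add a short worked example for each class showing a template query with a ':name' placeholder and the call that binds the value, and state explicitly that the value must be supplied through the binding and never concatenated into the query string, since concatenation is exactly what reintroduces the injection the page is warning about. Two smaller points in the same hunk: the wiki heading "==How to bind variables/placeholders to a template query.==" should not end with a period, and "map variables names to values" should read "map variable names to values" with a terminating period on that sentence.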