Parameterized SQL statement: Difference between revisions
Edit summary: (→{{header|Tcl}}: illustrate that we're resistant to attack...)
Edit summary: m (Added note about SQL injection)
{{task|Database operations}}
Parameterized SQL statements are an easy way to avoid [[wp:SQL injection]] attacks. SQL drivers and libraries send the parameter values to the database separately from the statement text, so input is bound as data and is never parsed as part of the SQL, which prevents these catastrophic database attacks.

Using a SQL update statement like this one

UPDATE players SET name = 'Smith, Steve', score = 42, active = true WHERE jerseyNum = 99

show how to make a parameterized SQL statement, set the parameters to the values given above, and execute the statement.
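As an added example that is not part of the task page or any of its language entries, the following Python code uses the standard-library sqlite3 driver to run the task's UPDATE as a parameterized statement, and places it beside the string-formatting anti-pattern so the difference is observable. The players table, its rows, and the helper names are assumptions constructed for the demo; SQLite has no boolean column type, so `true` is bound as the integer 1.

```python
import sqlite3


# Constructed in-memory table for the demo; the schema and seed rows are
# assumptions, not part of the task page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE players ("
        "jerseyNum INTEGER PRIMARY KEY, name TEXT, score INTEGER, active INTEGER)"
    )
    conn.executemany(
        "INSERT INTO players VALUES (?, ?, ?, ?)",
        [(7, "Lee, Ann", 20, 1), (99, "Jones, Bob", 10, 0)],
    )
    conn.commit()
    return conn


# The task's statement with every literal replaced by a '?' placeholder.
UPDATE_SQL = "UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?"


def update_player(conn, name, score, active, jersey_num):
    """Parameterized form: values reach the engine as bound data, never as SQL text."""
    cur = conn.execute(UPDATE_SQL, (name, score, active, jersey_num))
    conn.commit()
    return cur.rowcount  # number of rows the UPDATE touched


def update_player_unsafe(conn, name, score, active, jersey_num):
    """Anti-pattern shown for comparison: string formatting splices `name` into
    the statement, so a quote character in it changes the statement's structure."""
    sql = (
        f"UPDATE players SET name = '{name}', score = {score}, active = {active} "
        f"WHERE jerseyNum = {jersey_num}"
    )
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def unsafe_rejects_quote(conn, name):
    """True when the string-built statement no longer parses for this name."""
    try:
        update_player_unsafe(conn, name, 42, 1, 99)
    except sqlite3.OperationalError:
        return True
    return False


def get_player(conn, jersey_num):
    return conn.execute(
        "SELECT name, score, active FROM players WHERE jerseyNum = ?", (jersey_num,)
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    # The task's own values.
    print(update_player(db, "Smith, Steve", 42, 1, 99), get_player(db, 99))
    # A name containing a quote is stored literally by the parameterized statement...
    print(update_player(db, "O'Brien, Pat", 42, 1, 99), get_player(db, 99))
    # ...while the same value breaks the string-built statement.
    print(unsafe_rejects_quote(db, "O'Brien, Pat"))
```

The bound value "O'Brien, Pat" is stored exactly as given and only the row with jerseyNum 99 changes; the formatted variant fails to parse on the same input because the embedded quote terminates the string literal early, which is the same mechanism an injection relies on.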