Parameterized SQL statement: Difference between revisions

m
Added note about SQL injection
(→‎{{header|Tcl}}: illustrate that we're resistant to attack...)
{{task|Database operations}}Parameterized SQL statements are an easy way to avoid [[wp:SQL injection]] attacks. With a parameterized statement the driver sends the SQL text and the parameter values to the database separately, so a value is never parsed as part of the statement; nothing has to be "sanitized" or escaped, because the value cannot change the structure of the query. Note that parameters can only stand in for values, not for identifiers such as table or column names, which still have to be validated by other means.

Using a SQL update statement like this one
UPDATE players SET name = 'Smith, Steve', score = 42, active = true WHERE jerseyNum = 99
show how to make a parameterized SQL statement, set the parameters to the values given above, and execute the statement.
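The following is an added example, not one of the language entries on this page, using Python's built-in sqlite3 module (which uses `?` placeholders). It builds a constructed in-memory `players` table, runs the update above as a parameterized statement, and then contrasts it with a string-concatenated version fed a constructed injection payload: the parameterized statement stores the payload as a harmless literal name and touches one row, while the concatenated one rewrites every row in the table. The table contents, the `--` comment payload and the helper names are assumptions for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the page): two players in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE players ("
        "jerseyNum INTEGER PRIMARY KEY, name TEXT, score INTEGER, active INTEGER)"
    )
    conn.executemany(
        "INSERT INTO players VALUES (?, ?, ?, ?)",
        [(7, "Jones, Pat", 10, 1), (99, "Anonymous", 0, 0)],
    )
    conn.commit()
    return conn


def update_player_parameterized(conn, name, score, active, jersey_num):
    """Safe: the four values are bound to '?' placeholders and never
    become part of the SQL text, so a malicious name is just a string."""
    cur = conn.execute(
        "UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?",
        (name, score, active, jersey_num),
    )
    conn.commit()
    return cur.rowcount  # number of rows actually updated


def update_player_concatenated(conn, name, score, active, jersey_num):
    """Vulnerable (shown for contrast): the values are spliced into the
    statement text, so quotes and comment markers in 'name' are parsed as SQL."""
    sql = (
        f"UPDATE players SET name = '{name}', score = {score}, "
        f"active = {active} WHERE jerseyNum = {jersey_num}"
    )
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def snapshot(conn):
    """Rows as (jerseyNum, name, score, active), ordered by jersey number."""
    return conn.execute(
        "SELECT jerseyNum, name, score, active FROM players ORDER BY jerseyNum"
    ).fetchall()


# Constructed injection payload: closes the name literal, sets its own
# values, widens the WHERE clause to every row, and comments out the rest.
PAYLOAD = "Hacked', score = 9999, active = 1 WHERE 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(update_player_parameterized(db, "Smith, Steve", 42, True, 99), snapshot(db))

    db = make_db()
    print(update_player_parameterized(db, PAYLOAD, 42, True, 99), snapshot(db))

    db = make_db()
    print(update_player_concatenated(db, PAYLOAD, 42, 1, 99), snapshot(db))
```

Python's sqlite3 binds `True` as the integer 1, which is why the `active` column is declared INTEGER here; drivers for other databases use different placeholder styles (`%s`, `:name`, `$1`), but the separation of statement text from values is the same.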