27 April 2010

TIP

Caution! 


Never build a WHERE clause or a complete query by concatenating unfiltered user input into the SQL string (for example with setQuery()); doing so opens the application to SQL injection by a malicious user. Instead, keep the SQL text fixed and pass the user's value through a bind variable (a :name placeholder whose value is supplied separately), or use a view criteria that is itself backed by bind variables. Filtering the input for SQL code is at best a second line of defence: a denylist of keywords and quotes is easy to bypass, while a bound value is never parsed as SQL.
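As an added illustration of this tip (the code is not from the original post): a lookup that splices user input into the WHERE clause, next to two versions that bind the value instead, using the oracle.jbo ViewObject API. The view object name EmployeesView1, the column ENAME, the bind variable pName and the view criteria name EmployeesByNameCriteria are assumptions for the example, and the method names should be checked against the ADF release in use.

```java
import oracle.jbo.ApplicationModule;
import oracle.jbo.ViewCriteria;
import oracle.jbo.ViewObject;

/**
 * Added example, not code from the original post. The view object
 * "EmployeesView1", column ENAME, bind variable pName and view criteria
 * "EmployeesByNameCriteria" are assumed names for illustration.
 */
public class EmployeeLookup {

    /**
     * VULNERABLE: the user's value becomes part of the SQL text.
     * With the constructed input        ' OR '1'='1
     * the WHERE clause is sent as       ENAME = '' OR '1'='1'
     * and every row comes back; a UNION or a comment sequence in the
     * input reaches the database just as unfiltered. Concatenating a
     * whole statement into setQuery() has exactly the same problem.
     */
    public static void findByNameUnsafe(ApplicationModule am, String userInput) {
        ViewObject vo = am.findViewObject("EmployeesView1");
        vo.setWhereClause("ENAME = '" + userInput + "'"); // never do this
        vo.executeQuery();
    }

    /**
     * SAFE: the SQL text is fixed and the value travels as a bind
     * variable. The database receives the placeholder :pName and the
     * value separately, so quotes or keywords in the input are data.
     */
    public static void findByName(ApplicationModule am, String userInput) {
        ViewObject vo = am.findViewObject("EmployeesView1");
        vo.setWhereClause("ENAME = :pName");
        // Register the named bind variable: null default value, and no
        // positional indices because the VO uses the Oracle named binding
        // style. Omit this call if pName is already declared on the view
        // object at design time (redefining an existing name fails).
        vo.defineNamedWhereClauseParam("pName", null, null);
        vo.setNamedWhereClauseParam("pName", userInput);
        vo.executeQuery();
    }

    /**
     * SAFE, declarative variant: a view criteria defined on the view
     * object whose item compares ENAME with the bind variable :pName
     * (declared on the VO). The code only supplies the value.
     */
    public static void findByNameWithCriteria(ApplicationModule am, String userInput) {
        ViewObject vo = am.findViewObject("EmployeesView1");
        ViewCriteria vc = vo.getViewCriteria("EmployeesByNameCriteria");
        vo.applyViewCriteria(vc);
        vo.setNamedWhereClauseParam("pName", userInput);
        vo.executeQuery();
    }
}
```

Length and character-set checks on userInput are still worthwhile for data quality, but only the bound versions stop the quote in the constructed input from terminating the literal. Note that the bind variable is registered once per view object instance; on a view object that already declares pName, the defineNamedWhereClauseParam() call must be left out.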