27 April 2010
Never build a WHERE clause or query by splicing unfiltered user input into the SQL string; doing so leaves the application open to SQL injection. Instead, either validate the input so that it cannot carry SQL, or, better, use bind variables and view criteria instead of setQuery().
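The pattern warned against above next to the two safe alternatives, as an added example that is not part of the original post. It assumes an ADF Business Components (11g-style) application module with a view object instance named "EmployeesView" whose query has an ENAME column; those names are illustrative.

```java
// Added example, not the original post's code. Assumes an ADF BC application
// module with a view object instance "EmployeesView" over a table with ENAME.
import oracle.jbo.ApplicationModule;
import oracle.jbo.ViewCriteria;
import oracle.jbo.ViewCriteriaItem;
import oracle.jbo.ViewCriteriaRow;
import oracle.jbo.ViewObject;

public class EmployeeLookup {

    // UNSAFE: the user's text becomes part of the SQL statement itself, so any
    // quote or SQL fragment in 'name' is parsed and executed by the database.
    public static void findByNameUnsafe(ApplicationModule am, String name) {
        ViewObject vo = am.findViewObject("EmployeesView");
        vo.setQuery("SELECT * FROM EMP WHERE ENAME = '" + name + "'");
        vo.executeQuery();
    }

    // SAFE (bind variable): the SQL text is fixed at development time; the
    // value is sent as a bound parameter and is never interpreted as SQL.
    public static void findByNameBound(ApplicationModule am, String name) {
        ViewObject vo = am.findViewObject("EmployeesView");
        vo.setWhereClause("ENAME = :empName");
        vo.defineNamedWhereClauseParam("empName", null, null);
        vo.setNamedWhereClauseParam("empName", name);
        vo.executeQuery();
    }

    // SAFE (view criteria): the framework assembles the WHERE clause and
    // binds the attribute value; no SQL string is concatenated by hand.
    // The operator is fixed explicitly so the input cannot change it.
    public static void findByNameCriteria(ApplicationModule am, String name) {
        ViewObject vo = am.findViewObject("EmployeesView");
        ViewCriteria vc = vo.createViewCriteria();
        vc.setUseBindVarsForLiterals(true);   // send literals as bind variables
        ViewCriteriaRow row = vc.createViewCriteriaRow();
        ViewCriteriaItem item = row.ensureCriteriaItem("Ename");
        item.setOperator("=");
        item.setValue(name);
        vc.add(row);
        vo.applyViewCriteria(vc);
        vo.executeQuery();
    }
}
```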