Hi All,
How to avoid SQL injection?
Below is the code we are using:
<rde-dm:rdb mode="update" alias="DB-read" sql="UPDATE <table_name>
SET <field1>='[#request:item1#]',<field2>=TO_DATE('[#request:date#]','dd-Mon-yyyy hh:mi:ss AM')
WHERE POLL_ID='[#request:pollId#]'"/>
SQL injection has been done through the above code. How to avoid the
same? What changes can be made in the above code to avoid SQL
injection?
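Added example, not part of the original post and not RedDot code: the same UPDATE built by pasting request values into the SQL text, next to a version that validates the values and passes them as bind parameters. It uses Python's sqlite3 as a stand-in for the database connection; the table and column names, the sample values, and the rule that pollId is numeric are assumptions.

```python
import sqlite3
from datetime import datetime

# Constructed stand-in for the page's <table_name>, <field1>, <field2>.
SCHEMA = "CREATE TABLE poll (poll_id TEXT PRIMARY KEY, item1 TEXT, poll_date TEXT)"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO poll VALUES (?, ?, ?)",
                   [("1", "a", ""), ("2", "b", ""), ("3", "c", "")])
    return db

def update_concatenated(db, item1, date, poll_id):
    # Same pattern as the DynaMent: request values pasted into the SQL text.
    sql = ("UPDATE poll SET item1='" + item1 + "', poll_date='" + date +
           "' WHERE poll_id='" + poll_id + "'")
    return db.execute(sql).rowcount

def parse_date(value):
    # Mirrors the page's 'dd-Mon-yyyy hh:mi:ss AM' mask; raises ValueError otherwise.
    return datetime.strptime(value, "%d-%b-%Y %I:%M:%S %p")

def update_bound(db, item1, date, poll_id):
    # Validate shape first (assumption: poll ids are short ASCII digit strings).
    if not (poll_id.isascii() and poll_id.isdigit() and len(poll_id) <= 10):
        raise ValueError("pollId must be numeric")
    when = parse_date(date).isoformat(sep=" ")
    # Placeholders keep every request value as data, never as SQL text.
    cur = db.execute("UPDATE poll SET item1=?, poll_date=? WHERE poll_id=?",
                     (item1, when, poll_id))
    return cur.rowcount

def bound_without_validation(db, item1, poll_id):
    # Binding alone already neutralises the quote: no row has this literal id.
    return db.execute("UPDATE poll SET item1=? WHERE poll_id=?",
                      (item1, poll_id)).rowcount

if __name__ == "__main__":
    crafted = "1' OR '1'='1"               # constructed request value
    good_date = "05-Mar-2010 09:15:00 AM"  # constructed, matches the date mask
    print(update_concatenated(make_db(), "x", good_date, crafted))  # every row
    print(bound_without_validation(make_db(), "x", crafted))        # no rows
    print(update_bound(make_db(), "x", good_date, "2"))             # one row
```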