SQL injection attacks

Linux User & Developer - Tutorial

You might wonder why we bother with the ? placeholders, particularly since we are able to programmatically construct the SQL statement inside Go. The reason is to protect our code from what is called an SQL injection attack. Inserting user-provided text directly into our SQL queries could allow our users to execute their own SQL code on our database.
