The method suggested previously by me (using Create from Template to create the full SQL statement) leaves open a possible security hole (known as 'SQL Injection') that would cause execution of additional SQL statements included in the SomeValue parameter (by using appropriately escaped quotes and semicolons).
My colleague, Youval, has suggested a safer method, illustrated in the following screenshot:
This implementation should prevent injections, leaving the JDBC driver to handle the intricacies of correctly escaping parameters as needed.
Regards,
David
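The difference between the two approaches described in the post above, as an added example that is not part of the original post or of Tersus. It assumes Python's built-in `sqlite3` in place of a JDBC driver, with a hypothetical `notes` table and constructed input; the `?` placeholders play the role that bound parameters play in JDBC.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO notes (body) VALUES (?)",
                   [("first",), ("second",), ("third",)])
    db.commit()
    return db

def rename_templated(db, note_id, some_value):
    """Unsafe 'before': SomeValue is substituted into the statement text."""
    sql = "UPDATE notes SET body = '%s' WHERE id = %d" % (some_value, int(note_id))
    # executescript() runs every ';'-separated statement it is given; it
    # stands in here for a driver that accepts several statements per call.
    db.executescript(sql)

def rename_bound(db, note_id, some_value):
    """Safer 'after': the statement text is fixed and the value is bound."""
    db.execute("UPDATE notes SET body = ? WHERE id = ?", (some_value, note_id))
    db.commit()

def bodies(db):
    """Return the body column of every remaining row, ordered by id."""
    return [row[0] for row in db.execute("SELECT body FROM notes ORDER BY id")]

# Constructed input: the quote closes the string literal and the semicolon
# starts a second statement when the value is pasted into the SQL text.
SOME_VALUE = "x'; DELETE FROM notes; --"

def demo():
    """Apply the same value through both paths on separate databases."""
    unsafe, safe = make_db(), make_db()
    rename_templated(unsafe, 1, SOME_VALUE)
    rename_bound(safe, 1, SOME_VALUE)
    return bodies(unsafe), bodies(safe)

if __name__ == "__main__":
    unsafe_rows, safe_rows = demo()
    print("templated:", unsafe_rows)
    print("bound:    ", safe_rows)
```

With the templated statement the table ends up empty; with the bound parameter the same value is stored verbatim in row 1 and the other rows are untouched.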