Figure 8-18. Using bind variables to protect against SQL injection attack
4. Apply your changes and run your report one more time. You will find that your report works as usual, and you can search for a customer by name. This time, however, if you specify ' OR 1=1-- in the search field and click the Go button, instead of retrieving the full list of customers from the table, it returns an empty result set. This is shown in Figure 8-19.
Figure 8-19. Trying the SQL injection attack again, this time on a protected form.
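To show why the bound form behaves this way, here is an added example that is not the book's own code. It puts the unprotected search (search value concatenated into the SQL text) beside the protected search (search value passed as a bind variable) and runs both against a small constructed customer table. It uses Python's bundled SQLite driver rather than Oracle, and the `customers` table with its `first` and `last` columns is an assumption, not the report's real schema; the behaviour of the two query shapes is the same in Oracle.

```python
import sqlite3

# Constructed sample rows standing in for the report's customer table.
# The table and column names are assumptions, not the book's schema.
CUSTOMERS = [
    (1, "Alice", "Smith"),
    (2, "Bob", "Jones"),
    (3, "Carol", "Doe"),
]

# The search string from the walkthrough.
INJECTION = "' OR 1=1--"


def make_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, first TEXT, last TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def search_concatenated(conn, term):
    """Unprotected form: the search value is pasted into the SQL text.

    The quote in the search value closes the string literal early, so
    whatever follows it is parsed as SQL rather than as data.
    """
    sql = "SELECT last FROM customers WHERE last LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_bound(conn, term):
    """Protected form: the search value travels as a bind variable.

    The statement text is fixed; the driver hands the value to the
    engine separately, so it can only ever be compared as a string.
    """
    sql = "SELECT last FROM customers WHERE last LIKE '%' || ? || '%'"
    return [row[0] for row in conn.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_db()
    # A normal search works the same way in both forms.
    print("concatenated, 'Smith':", search_concatenated(db, "Smith"))
    print("bound,        'Smith':", search_bound(db, "Smith"))
    # The walkthrough's search string: every row versus an empty result set.
    print("concatenated, injection:", search_concatenated(db, INJECTION))
    print("bound,        injection:", search_bound(db, INJECTION))
```

The concatenated version returns all three rows because the engine sees `WHERE last LIKE '%' OR 1=1--%'`, while the bound version looks for a last name containing the literal text `' OR 1=1--` and finds none, which is the empty result set of Figure 8-19.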