The EGL Development User Group is dedicated to sharing news, knowledge, and insights regarding the EGL language and Business Developer product. Consisting of IBMers, HCL, and users, this community collaborates to advance the EGL ecosystem.
Hello everyone,
Is there an example on how to avoid SQL injection attacks in a prepare statement for a DB2 database?
Hi,
Maybe I am not understanding your question, but from Googling "avoid SQL injection attacks in prepare statement for DB2", it would seem that using the prepare is the right way to do this. See one link I found.
http://www.programmerinterview.com/index.php/database-sql/example-of-prepared-statements-and-sql-injection-prevention/
Is that what you are asking?
Mark
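The difference between preparing a concatenated string and preparing a statement with a `?` parameter marker, shown as an added example that is not part of the original thread. It uses Python's built-in sqlite3 as a stand-in for DB2 (an assumption; both accept `?` markers), and the table, rows and input values are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for DB2 (assumption).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    con.executemany(
        "INSERT INTO customer (name, city) VALUES (?, ?)",
        [("Alice", "Rome"), ("Bob", "Milan"), ("Carol", "Turin"), ("O'Brien", "Bari")],
    )
    return con

def find_concatenated(con, name):
    # Vulnerable: the input is spliced into the statement text before it is
    # prepared, so the database parses the input as part of the SQL.
    sql = "SELECT name FROM customer WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in con.execute(sql)]

def find_with_marker(con, name):
    # Hardened: the statement text is constant; the input is bound to the ?
    # marker after parsing and is only ever compared as a value.
    sql = "SELECT name FROM customer WHERE name = ? ORDER BY id"
    return [row[0] for row in con.execute(sql, (name,))]

def demo():
    con = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    return {
        "concat_normal": find_concatenated(con, "Alice"),
        "marker_normal": find_with_marker(con, "Alice"),
        # The concatenated form returns every row for the hostile input.
        "concat_hostile": find_concatenated(con, hostile),
        # The bound form treats the same input as a name that matches nothing.
        "marker_hostile": find_with_marker(con, hostile),
        # A legitimate name with an apostrophe works when bound.
        "marker_apostrophe": find_with_marker(con, "O'Brien"),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The same rule applies inside a stored procedure: if the procedure builds its statement text from its arguments, it has the same exposure as the concatenated form here.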
Michael,
The best way to prevent attacks is to never allow dynamic SQL in the client application.
Use SQL Stored Procedures.
regards,
Hsieh
An example about Stored Procedures would be very useful. Anyway, I found this: http://www.ibm.com/support/knowledgecenter/SSMQ79_7.5.1.6/com.ibm.etools.egl.sql.tutorial.doc/topics/finishedcode/egl_code05-01-04b.html
Can anybody confirm that this way is secure?