Versions Compared

Old Version 29

changes.mady.by.user Hugo

Saved on

compared with

New Version Current

changes.mady.by.user PT

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning
titlePrevent SQL injection

When using Hash Variable that uses URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query!

Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.

Example of VULNERABLE query:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id#'

To fix this, use ?sql hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'

Introduction

English
JDBC Datalist Database Binder gives you the flexibility of designing a datalist by using your own custom SQL queries and database connection.

JDBC Datalist Properties

Configure JDBC Datalist Binder

Image Modified
Figure 1: JDBC Datalist Properties

...