with datamodule1.temp_sql do
sql.add('UPDATE table1 SET ');
sql.add(' CustomerID= "'+hidden_cust_id.text+'" ');
But I was told there may be security issues if I didn't check what the user has entered into hidden_cust_id.text. Is there some way to terminate the current SQL command and write another one using this input parameter (hidden_cust_id.text)? Any way to prevent that? Any checking (filtering) routine?
Well, there is a simple solution by replacing all ' and " that the user adds to the input with two ' or ". Something StringReplace could easily do for you. In that case, the dangerous query I showed would
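An added example, not part of the original thread: the update from the question rewritten with a bound parameter, plus a checking routine of the kind the question asks for and the quote-doubling from the answer as a StringReplace helper. It assumes temp_sql is a BDE TQuery (TFDQuery exposes the same ParamByName; TADOQuery uses Parameters.ParamByName(...).Value instead); the unit name, the function names and the ID format rule are hypothetical.

```delphi
unit SafeCustomerUpdate;  // hypothetical unit name

interface

uses
  SysUtils, DB, DBTables;  // assumption: temp_sql is a BDE TQuery

function IsValidCustomerId(const S: string): Boolean;
function DoubleQuotes(const S: string): string;
procedure UpdateCustomerId(Q: TQuery; const CustId: string);

implementation

// Hypothetical format rule: 1..20 ASCII letters or digits. Adjust to the real ID format.
function IsValidCustomerId(const S: string): Boolean;
var
  I: Integer;
begin
  Result := (Length(S) >= 1) and (Length(S) <= 20);
  for I := 1 to Length(S) do
    case S[I] of
      '0'..'9', 'A'..'Z', 'a'..'z': ;  // allowed character
    else
      Result := False;
    end;
end;

// The quote-doubling from the answer above, done with StringReplace.
// Only for code that cannot bind parameters; escape rules depend on the database.
function DoubleQuotes(const S: string): string;
begin
  Result := StringReplace(S, '''', '''''', [rfReplaceAll]);
  Result := StringReplace(Result, '"', '""', [rfReplaceAll]);
end;

// Bound parameter: the value is handed to the database as data instead of
// being pasted into the SQL text, so quotes in it cannot end the literal.
procedure UpdateCustomerId(Q: TQuery; const CustId: string);
begin
  if not IsValidCustomerId(CustId) then
    raise Exception.Create('Customer ID rejected');
  Q.SQL.Clear;
  Q.SQL.Add('UPDATE table1 SET');
  Q.SQL.Add(' CustomerID = :cust_id');
  // The rest of the statement is not shown on the page; add it here unchanged.
  Q.ParamByName('cust_id').AsString := CustId;
  Q.ExecSQL;
end;

end.
```

With the names from the question, the call is UpdateCustomerId(datamodule1.temp_sql, hidden_cust_id.Text).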