SQL Injection attack prevention: Macros?

Discussion of open issues, suggestions and bugs regarding MyDAC (Data Access Components for MySQL) for Delphi, C++Builder, Lazarus (and FPC)
skydvrz
Posts: 32
Joined: Tue 23 Feb 2010 23:49
Location: Kissimmee, Florida USA

SQL Injection attack prevention: Macros?

Post by skydvrz » Wed 13 Feb 2013 21:39

I use :parameters in queries to prevent SQL injection attacks. Do &Macros have similar injection protection?

DemetrionQ
Devart Team
Posts: 271
Joined: Wed 23 Jan 2013 11:21

Re: SQL Injection attack prevention: Macros?

Post by DemetrionQ » Mon 18 Feb 2013 15:05

Hello.

A macro doesn't protect against SQL injection attacks, as the SQL query text is modified on the client side by replacing the macro with the specified text, and the generated SQL query is sent to the server. You can find more detailed information about how macros work in the "Macros" article of the MyDAC Help.
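The difference described in the reply above, as an added example that is not part of the original thread and is not MyDAC code: a Python/sqlite3 model in which `expand_macros` (a hypothetical stand-in for client-side `&Macro` substitution) is compared with a bound `:name` parameter, plus an allowlist check for the case where a macro is unavoidable, such as an `ORDER BY` column. The table, sample rows and function names are constructed for illustration.

```python
import re
import sqlite3

def expand_macros(sql, macros):
    # Simplified model (assumption, not MyDAC's implementation): every &Name
    # token is replaced with raw text before the statement reaches the server.
    return re.sub(r"&(\w+)", lambda m: macros[m.group(1)], sql)

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return db

def find_with_macro(db, name):
    # Weak: the caller's text becomes part of the SQL statement itself.
    sql = expand_macros("SELECT name FROM users WHERE name = '&Name'", {"Name": name})
    return [row[0] for row in db.execute(sql)]

def find_with_param(db, name):
    # The value is bound by the driver and is never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = :name"
    return [row[0] for row in db.execute(sql, {"name": name})]

SORTABLE = {"id", "name", "role"}  # the only text allowed into the macro

def list_sorted(db, role, order_by):
    # Identifiers cannot be bound as parameters, so the macro is checked
    # against a fixed allowlist; the value still goes through :role.
    if order_by not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % order_by)
    sql = expand_macros("SELECT name FROM users WHERE role = :role ORDER BY &OrderBy",
                        {"OrderBy": order_by})
    return [row[0] for row in db.execute(sql, {"role": role})]

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote
    print("macro:", find_with_macro(db, probe))   # WHERE clause rewritten, all rows
    print("param:", find_with_param(db, probe))   # compared as a literal, no rows
    print("sorted:", list_sorted(db, "user", "name"))
```
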
