SQL Injection attack prevention: Macros?
Posted: Wed 13 Feb 2013 21:39
I use :parameters in queries to prevent SQL injection attacks. Do &Macros have similar injection protection?
Hello.
A macro doesn't protect from SQL Injection attack, as the SQL query text is modified at the client-side by replacing the macro with the specified text. And the generated SQL query is sent to the server. You can find more detailed information about macros work in the "Macros" article of the MyDAC Help.