Comments by Charles Burns:

  1. @Col.Shrapnel: "some attacks take advantage of known data transformations" has a lot to do with 2O injection. Please see my URI. Is the OP's exact SQL vulnerable to this specific attack? Probably not. That isn't the point. The point is that mutating the data can add unneeded complexity, and examples exist where doing so actually creates security holes. This is likely not the most complex SQL he'll ever write. The IN() note was to your point that binding avoids injection. Yes, it does. No, it's not always an option. Based on your impressive rep, I assume this is a misunderstanding and not trolling.
  2. @Col.Shrapnel: It is true, though, that in the common cases, queries that use binding and have no dynamically generated parts, I know of no way whatsoever to SQL inject through the parameterized query. I hesitate to use words like "impossible", though, because information security is still a young field and the "impossible" becomes the norm frequently. Remember Oracle's embarrassment around their ad campaign, "Can't break it. Can't break in." Turns out you can...
  3. The second paragraph is about second-order injection. True, in the simple case of the OP, second-order injection would probably not be a problem, but in many real-world situations, binding can only be used for parts of the query. For example, binding cannot replace column or table names, which occasionally need to be generated based on user input (though I think it's best to design around this if possible). Binding also cannot be used with IN(var1, var2...varN) statements without dynamically generating the query.