Closed CodyTVWeber closed 1 week ago
Change SELECT query statements to not use *. So for example:
SELECT * FROM notes WHERE field1 = %1
should be changed to:
SELECT title, body FROM notes WHERE field1 = %1
This helps prevent the SELECT statement from returning unexpected data. Not quite as much of a security thing, more of a best practice.
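The effect described in this issue, as an added example that is not part of the original issue or the project's code: a later schema change adds a column, and only the `SELECT *` form starts returning it. It assumes SQLite via Python's `sqlite3` (so the placeholder is `?` rather than `%1`); the `share_token` column, the sample row and the helper names are constructed for illustration.

```python
import sqlite3

# The two query forms from the issue, with sqlite3's "?" placeholder.
STAR_QUERY = "SELECT * FROM notes WHERE field1 = ?"
EXPLICIT_QUERY = "SELECT title, body FROM notes WHERE field1 = ?"


def fetch_notes(conn, query, field1):
    """Run a parameterized query and return rows as dicts keyed by column name."""
    cur = conn.execute(query, (field1,))
    columns = [d[0] for d in cur.description]
    return [dict(zip(columns, row)) for row in cur.fetchall()]


def run_demo():
    """Return the columns each query yields before and after a schema change."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (title TEXT, body TEXT, field1 TEXT)")
    conn.execute("INSERT INTO notes VALUES ('todo', 'buy milk', 'a')")  # constructed row

    before = {
        "star": list(fetch_notes(conn, STAR_QUERY, "a")[0]),
        "explicit": list(fetch_notes(conn, EXPLICIT_QUERY, "a")[0]),
    }

    # Hypothetical later migration: a column the caller was never meant to see.
    conn.execute("ALTER TABLE notes ADD COLUMN share_token TEXT")
    conn.execute("UPDATE notes SET share_token = 'constructed-token'")

    after = {
        "star": list(fetch_notes(conn, STAR_QUERY, "a")[0]),
        "explicit": list(fetch_notes(conn, EXPLICIT_QUERY, "a")[0]),
    }
    conn.close()
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("before migration:", before)
    print("after migration: ", after)
```
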