diff options
Diffstat (limited to 'doc/user/application_security/dast/checks/89.1.md')
| -rw-r--r-- | doc/user/application_security/dast/checks/89.1.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/user/application_security/dast/checks/89.1.md b/doc/user/application_security/dast/checks/89.1.md index 231076240cc..688e2c49664 100644 --- a/doc/user/application_security/dast/checks/89.1.md +++ b/doc/user/application_security/dast/checks/89.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # SQL Injection @@ -20,7 +20,7 @@ situations where dynamic queries must be created, never use direct user input, b instead use a map or dictionary of valid values and resolve them using a user-supplied key. For example, some database drivers do not allow parameterized queries for `>` or `<` comparison -operators. In these cases, do not use a user supplied `>` or `<` value, but rather have the user +operators. In these cases, do not use a user-supplied `>` or `<` value, but rather have the user supply a `gt` or `lt` value. The alphabetical values are then used to look up the `>` and `<` values to be used in the construction of the dynamic query. The same goes for other queries where column or table names are required but can not be parameterized. |