Commit 5b1e138

Swift: Another qhelp edit.
1 parent 495f744 commit 5b1e138

1 file changed

+2
-2
lines changed

swift/ql/src/queries/Security/CWE-089/SqlInjection.qhelp

Lines changed: 2 additions & 2 deletions
@@ -18,12 +18,12 @@ Most database connector libraries offer a way of safely embedding untrusted data
1818
</recommendation>
1919
<example>
2020

21-
<p>In the following example, a SQL query is prepared using string interpolation to directly include a user-controlled value <code>userControlledString</code> in the query. An attacker could craft the part they control to change the overall meaning of the SQL query.
21+
<p>In the following example, a SQL query is prepared using string interpolation to directly include a user-controlled value <code>userControlledString</code> in the query. An attacker could craft <code>userControlledString</code> in such a way as to change the overall meaning of the SQL query.
2222
</p>
2323

2424
<sample src="SqlInjectionBad.swift" />
2525

26-
<p>A better way to do this is with a prepared statement, binding <code>userControlledString</code> to a parameter of that statement. An attacker who controls the contents of that parameter cannot change the overall meaning of the query.
26+
<p>A better way to do this is with a prepared statement, binding <code>userControlledString</code> to a parameter of that statement. An attacker who controls <code>userControlledString</code> now cannot change the overall meaning of the query.
2727
</p>
2828

2929
<sample src="SqlInjectionGood.swift" />
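
Review bot: On the new line 26, "now cannot change the overall meaning of the query" reads awkwardly and leaves the reason implicit. Suggest "An attacker who controls userControlledString can no longer change the overall meaning of the query", or tie it to the previous sentence with "because the value is bound as a parameter". On the new line 21, "in such a way as to change" can be shortened to "to change" without losing meaning. Repeating the identifier in both paragraphs is a clear improvement over "the part they control" and "that parameter", so keep that part as is.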
