(TechNote) Some databases let you send multiple SQL statements in a single query. Because of this, there are potential security risks when you pass parameters in a query string to a dynamically generated database query. Hackers might try to modify URL or form variables in a dynamic query by appending malicious SQL statements to existing parameters. This is often referred to as a SQL injection attack. Some of the server behavior code created by Dreamweaver should be modified to reduce the risk of SQL injection attacks. For more background information on SQL injection, see this Wikipedia article.
September 28, 2006