Added security advisory

InteXX · web-flow · commit 21928443fa11 · 2024-04-23T21:35:26.000-08:00
Added advice to prevent SQL Injection attacks.
diff --git a/How to Issue an Insert to Put Data Into a Database/Program.vb b/How to Issue an Insert to Put Data Into a Database/Program.vb
@@ -13,6 +13,10 @@ Module Program
         Dim connectionString As String = $"Data Source={DatabaseFileName};Version=3;"
 
         ' Set up parameterized SQL query
+        ' -----------------------------------------------------------------------------
+        ' Security Note: Never concatenate (or join) a string into a SQL statement.
+        ' Always use parameterized queries to prevent SQL Injection attacks.
+        ' -----------------------------------------------------------------------------
         Dim query As String = "INSERT INTO Users (Name, Country) VALUES (@Name, @Country)"
 
         Using conn As New SQLiteConnection(connectionString)
