From 21928443fa11918033c19445e97ee73a68c054d4 Mon Sep 17 00:00:00 2001
From: Jeff Bowman <10966749+InteXX@users.noreply.github.com>
Date: Tue, 23 Apr 2024 21:35:26 -0800
Subject: [PATCH] Added security advisory
Added advice to prevent SQL Injection attacks.
---
 How to Issue an Insert to Put Data Into a Database/Program.vb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/How to Issue an Insert to Put Data Into a Database/Program.vb b/How to Issue an Insert to Put Data Into a Database/Program.vb
index c1aaba6..b5a86ed 100644
--- a/How to Issue an Insert to Put Data Into a Database/Program.vb
+++ b/How to Issue an Insert to Put Data Into a Database/Program.vb
@@ -13,6 +13,10 @@ Module Program
 Dim connectionString As String = $"Data Source={DatabaseFileName};Version=3;"
 ' Set up parameterized SQL query
+ ' -----------------------------------------------------------------------------
+ ' Security Note: Never concatenate (or join) a string into a SQL statement.
+ ' Always use parameterized queries to prevent SQL Injection attacks.
+ ' -----------------------------------------------------------------------------
 Dim query As String = "INSERT INTO Users (Name, Country) VALUES (@Name, @Country)"
 Using conn As New SQLiteConnection(connectionString)
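Review bot: The added Security Note is imprecise in two ways that matter to whoever copies this sample: it forbids all concatenation (joining constant fragments is harmless; the hazard is untrusted data reaching the statement text, by concatenation, `String.Join`, or `$"..."` interpolation alike), and it implies parameters are a complete defence, when SQLite parameters bind values only and cannot stand in for table or column names. I would reword the two middle comment lines to `' Security Note: never build SQL text from untrusted input (concatenation, Join or $"" interpolation);` / `' pass values through parameters such as @Name/@Country. Parameters cannot carry identifiers` / `' (table/column names), so those must come from a fixed set in code, never from the caller.` The context line `Dim connectionString As String = $"Data Source={DatabaseFileName};Version=3;"` two lines above is itself built by interpolation; if DatabaseFileName can originate outside the program, the same note applies and `SQLiteConnectionStringBuilder` is the safer construction, though whether it is untrusted is not visible here. The code that actually binds @Name and @Country (for example via `cmd.Parameters.AddWithValue`) lies outside the hunk, so I cannot confirm the sample follows its own advice; the enclosing Module Program body also continues beyond the hunk.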