Enable converting queries to prepared statement

DronaHQ Studio supports connecting to MySQL, PostgreSQL, Oracle, and MS SQL databases with an option to convert queries to prepared statements. Usually the statements in queries are static and have a slower execution time; with Enable converting queries to prepared statement, the queries become more dynamic and execute faster, since they are already pre-compiled. It also helps prevent SQL injection attacks.

Simply go to Connector and fill in the details to connect to your MySQL, PostgreSQL, Oracle, or MS SQL database.

Enable the toggle button for Enable converting queries to prepared statement.

NOTE: SQL injection is not prevented in the query editor, since the query editor tab is visible only to the admin of the app, but it is prevented when the query is run from the app.

Prepared Statement in action

Here we inject a malicious query into the variable field of Id, which is bound to the table grid view control.

Enable converting queries to prepared statement is toggled off:

Since the toggle is off, the query fetches all the details from the database.

Enable converting queries to prepared statement is toggled on:

Now that the toggle is on, it prevents the injected query from fetching extra details from the external user's side.
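The two runs above, reproduced as an added example that is not part of the DronaHQ documentation: it uses an in-memory SQLite table (assumed stand-in for the MySQL/PostgreSQL/Oracle/MS SQL connector database) with a constructed `users` table and a constructed malicious Id value, and contrasts pasting the Id into the statement text (toggle off) with binding it as a parameter of a prepared statement (toggle on).

```python
import sqlite3

# Constructed sample data standing in for a "users" table in the app's database.
ROWS = [(1, "alice"), (2, "bob"), (3, "carol")]

# Constructed malicious value supplied through the bound Id variable.
UNTRUSTED_ID = "2 OR 1=1"


def make_db() -> sqlite3.Connection:
    """Create the in-memory table the two fetch functions query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def fetch_unsafe(conn: sqlite3.Connection, user_id: str) -> list:
    """Toggle off: the Id value becomes part of the SQL text, so any SQL
    inside it is executed as SQL and the WHERE clause can be widened."""
    return conn.execute(
        f"SELECT id, name FROM users WHERE id = {user_id}"
    ).fetchall()


def fetch_prepared(conn: sqlite3.Connection, user_id: str) -> list:
    """Toggle on: the statement is compiled with a placeholder and the Id
    value is bound as data, so it is only ever compared against the column."""
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Unsafe path returns every row; prepared path matches nothing.
    print("toggle off:", fetch_unsafe(db, UNTRUSTED_ID))
    print("toggle on: ", fetch_prepared(db, UNTRUSTED_ID))
```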