To avoid attacks and errors, it is vitally important that variables used within an SQL statement (e.g. from a form or a process table field) contain only valid data.
If you use an input from your form (e.g. from a text field) in an SQL statement and you expect it to be a number, you must first ensure that the value really is numeric (example 1).
Example 1: SELECT * FROM TABLE1 WHERE BOOKED = [booked]
In the worst case, text is entered instead of the expected number. This could change the SQL statement: the input 1 OR BOOKED = 2, for instance, turns example 1 into example 2.
Example 2: SELECT * FROM TABLE1 WHERE BOOKED = 1 OR BOOKED = 2
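The effect of examples 1 and 2, and the numeric check that prevents it, as an added example that is not part of the original documentation and does not use JobRouter's own variable functions. It assumes an in-memory SQLite table with constructed sample rows; the function names are hypothetical.

```python
import re
import sqlite3

# Statement from example 1; [booked] stands for the form value.
TEMPLATE = "SELECT * FROM TABLE1 WHERE BOOKED = [booked]"

def make_db():
    """Constructed sample data: TABLE1 with a numeric BOOKED column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TABLE1 (ID INTEGER PRIMARY KEY, BOOKED INTEGER)")
    db.executemany("INSERT INTO TABLE1 (BOOKED) VALUES (?)", [(1,), (2,), (3,)])
    return db

def query_unchecked(db, booked):
    """Before: the form value is pasted into the statement as-is."""
    return db.execute(TEMPLATE.replace("[booked]", booked)).fetchall()

def require_integer(value):
    """Accept only an optionally signed run of ASCII digits; reject all else."""
    text = value.strip()
    if not re.fullmatch(r"[+-]?[0-9]{1,18}", text):
        raise ValueError(f"not a numeric value: {value!r}")
    return int(text)

def query_checked(db, booked):
    """After: validate first, then substitute the normalised number."""
    number = require_integer(booked)
    return db.execute(TEMPLATE.replace("[booked]", str(number))).fetchall()

def query_bound(db, booked):
    """Alternative: pass the validated number as a bound parameter, not as text."""
    sql = "SELECT * FROM TABLE1 WHERE BOOKED = ?"
    return db.execute(sql, (require_integer(booked),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for form_value in ("1", "1 OR BOOKED = 2"):
        print(repr(form_value), "unchecked ->", query_unchecked(db, form_value))
        try:
            print(repr(form_value), "checked   ->", query_checked(db, form_value))
        except ValueError as err:
            print(repr(form_value), "rejected  ->", err)
```

With the unchecked variant the second form value returns two rows instead of one; the checked variants reject it before any statement is built.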
To prevent such unwanted input and to modify values specifically for reading or writing, JobRouter offers functions for handling variables.
These functions are explained in more detail in the following chapter.