Security

SQL Injection protection

If you look under the hood, Piccolo uses a custom class called QueryString for composing queries. It keeps query parameters separate from the query string, so we can pass parameterised queries to the engine. This helps prevent SQL Injection attacks.
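The idea described above, as an added example that is not Piccolo's own code: `ParamQuery` is a hypothetical stand-in for a class that keeps values apart from the SQL text, run against an in-memory `sqlite3` database with a constructed `band` table. It compares a string-built query with the parameterised form on the same input.

```python
import sqlite3


class ParamQuery:
    """Hypothetical stand-in for the idea described above, not Piccolo's code."""

    def __init__(self, template, *args):
        self.template = template  # SQL text with {} placeholders
        self.args = args          # values, kept out of the SQL text

    def compile(self):
        """Return (sql, params) ready for a DB-API execute() call."""
        parts = self.template.split("{}")
        if len(parts) - 1 != len(self.args):
            raise ValueError("placeholder/argument count mismatch")
        sql, params = [parts[0]], []
        for arg, literal in zip(self.args, parts[1:]):
            if isinstance(arg, ParamQuery):
                # Nested fragments are trusted SQL; their values stay parameters.
                sub_sql, sub_params = arg.compile()
                sql.append(sub_sql)
                params.extend(sub_params)
            else:
                sql.append("?")  # sqlite3 placeholder; the value travels separately
                params.append(arg)
            sql.append(literal)
        return "".join(sql), params


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE band (name TEXT, popularity INTEGER)")
    conn.executemany("INSERT INTO band VALUES (?, ?)",
                     [("Pythonistas", 1000), ("Rustaceans", 500)])  # constructed rows
    return conn


def find_unsafe(conn, name):
    # Anti-pattern: the value becomes part of the SQL text.
    return conn.execute(f"SELECT name FROM band WHERE name = '{name}'").fetchall()


def find_safe(conn, name):
    where = ParamQuery("name = {}", name)
    sql, params = ParamQuery("SELECT name FROM band WHERE {}", where).compile()
    return conn.execute(sql, params).fetchall()


HOSTILE = "x' OR '1'='1"  # constructed input containing a quote
```

With `HOSTILE` as the name, `find_unsafe` returns every row because the quote changes the statement's structure, while `find_safe` returns nothing because the engine compares the whole string as a single value.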