"all we need to specify is the name of the database file.\n",
"Other systems may require us to provide a username and password as well.\n",
"Line 3 then uses this connection to create\n",
- "a [cursor](../../gloss.html#cursor);\n",
+ "a [cursor](https://github.com/swcarpentry/bc/blob/master/gloss.md#cursor);\n",
"just like the cursor in an editor,\n",
"its role is to keep track of where we are in the database.\n",
"\n",
"If we execute this,\n",
"it will erase one of the tables in our database.\n",
" \n",
- "This is called an [SQL injection attack](../../gloss.html#sql-injection-attack),\n",
+ "This is called an [SQL injection attack](https://github.com/swcarpentry/bc/blob/master/gloss.md#sql-injection-attack),\n",
"and it has been used to attack thousands of programs over the years.\n",
"In particular,\n",
"many web sites that take data from users insert values directly into queries\n",
"the safest way to deal with this threat is\n",
"to replace characters like quotes with their escaped equivalents,\n",
"so that we can safely put whatever the user gives us inside a string.\n",
- "We can do this by using a [prepared statement](../../gloss.html#prepared-statement)\n",
+ "We can do this by using a [prepared statement](https://github.com/swcarpentry/bc/blob/master/gloss.md#prepared-statement)\n",
"instead of formatting our statements as strings.\n",
"Here's what our example program looks like if we do this:"
]