Bye,
Nicola
Tim Moores wrote:
You should not use the JDBC/ODBC driver in web apps; it's buggy, it's slow and (most importantly) not thread-safe. There's also no need to register the driver for each access - do it once in the init method of the servlet and be done with it. And you should close each connection you open (unless you're using a connection pool, but let's get the basics right first before delving into that).

You also urgently need to read up on what SQL injection is, and how to avoid it. The web is a hostile place, and this code invites attacks as it is: https://coderanch.com/how-to/java/SecurityFaq#web-apps
Are you getting any error messages in the log files?
Punit Jain wrote:
Okay, thank you.
I am done with using prepared statements.
Well, is that alone sufficient against SQL injections?

Yes, if you always use bind variables (the question marks in the statement text) for every value that came from outside of your program and bind them as a correct type (strings as strings, numbers as numbers, dates as dates etc.), you're once and for all safe from SQL injection attacks.
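The two points made in this thread, registering the driver once in the servlet's init method and closing every connection, and using typed bind variables for every outside value, come together in the servlet below. It is an added illustration, not code from the thread or from CodeRanch: the users table, the init parameter names and the driver class name are assumptions, and the driver class is a placeholder for a real vendor driver rather than the JDBC/ODBC bridge.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added illustration, not code from the thread. Assumes a hypothetical table
 * users(id INT, username VARCHAR, email VARCHAR) and a JDBC URL, user and
 * password supplied as servlet init parameters. The driver class name is a
 * placeholder for a real vendor driver (not the JDBC/ODBC bridge).
 */
public class UserLookupServlet extends HttpServlet {

    private String url, user, password;

    @Override
    public void init() throws ServletException {
        url = getInitParameter("jdbcUrl");
        user = getInitParameter("jdbcUser");
        password = getInitParameter("jdbcPassword");
        // Register the driver once, at servlet start-up, not on every request.
        try {
            Class.forName("org.example.VendorDriver"); // placeholder driver class
        } catch (ClassNotFoundException e) {
            throw new ServletException("JDBC driver not on the classpath", e);
        }
    }

    /** UNSAFE: request data becomes part of the SQL text. Kept only for contrast. */
    static String vulnerableSql(String username) {
        return "SELECT email FROM users WHERE username = '" + username + "'";
    }

    /**
     * SAFE: the SQL text is fixed; every outside value is a bind variable with
     * the matching Java type, so whatever the user typed can only ever be data.
     */
    static String findEmail(Connection conn, String username, int minId) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ? AND id >= ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username); // string bound as a string
            ps.setInt(2, minId);       // number bound as a number
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        if (username == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "username is required");
            return;
        }
        int minId;
        try {
            // Convert to the right type before binding; junk here is rejected, never executed.
            minId = Integer.parseInt(req.getParameter("minId"));
        } catch (NumberFormatException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "minId must be an integer");
            return;
        }
        // try-with-resources closes the connection on every path, including exceptions.
        try (Connection conn = DriverManager.getConnection(url, user, password)) {
            String email = findEmail(conn, username, minId);
            resp.setContentType("text/plain");
            resp.getWriter().println(email == null ? "no match" : email);
        } catch (SQLException e) {
            throw new ServletException("lookup failed", e);
        }
    }
}
```

The contrast worth noticing is that vulnerableSql lets the request parameter change the statement's structure, while findEmail sends a fixed statement and ships the values separately, so the database never parses user input as SQL. Converting minId to an int before binding is the "correct type" part of the advice above: a non-numeric value fails at parse time with a 400, rather than reaching the database at all.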
Do you have SSL set up for everything related to login, payment and user data?
Have you implemented anything to prevent cross-site scripting?
Punit Jain wrote:
Do you have SSL set up for everything related to login, payment and user data?

But I think this will be provided by the service provider (I mean the domain service provider)...

Have you implemented anything to prevent cross-site scripting?

For this I will use some JavaScript..