Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SQL Injection

 
anjali ray
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using prepared statement to get data from the database.
Does anybody knows of any way to do a SQL injection because in a prepared statement, whatever I enter if is using that as a search criteria.
Thanks,
Anjali
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"anjali",
Welcome to the JavaRanch.

We're a friendly group, but we do require members to have valid display names.

Display names must be two words: your first name, a space, then your last name. Fictitious names are not allowed.

Please edit your profile and correct your display name since accounts with display names get deleted, often without warning

thanks,
Dave
 
Anil Kumar Saha
Ranch Hand
Posts: 111
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
prepared statement is used to avoid SQL injection,which could be a major security threat.So, if you use prepared statement ,then you don't have to worry about SQL injection
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic