SQL Injection

anjali ray

Joined: Mar 12, 2005
Posts: 28
I am using a prepared statement to get data from the database.
Does anybody know of any way to do a SQL injection? Because in a prepared statement, whatever I enter, it is using that as a search criteria.
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Welcome to the JavaRanch.

We're a friendly group, but we do require members to have valid display names.

Display names must be two words: your first name, a space, then your last name. Fictitious names are not allowed.

Please edit your profile and correct your display name since accounts with display names get deleted, often without warning.

Anil Kumar Saha
Ranch Hand

Joined: Apr 07, 2004
Posts: 111
A prepared statement is used to avoid SQL injection, which could be a major security threat. So, if you use a prepared statement, then you don't have to worry about SQL injection.


Anil Kumar Saha
SCJP 1.4
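
The behaviour described in the first post, as an added example that is not part of the thread: the same constructed input matches every row when it is concatenated into the SQL text, even though that text is passed to `prepareStatement`, and matches none when it is bound with `setString`. The class name, the `accounts` table and the in-memory H2 URL are assumptions made for illustration.

```java
import java.sql.*;

public class PreparedStatementDemo {
    // Constructed input: a value that tries to break out of the string literal.
    static final String INPUT = "x' OR '1'='1";

    // Vulnerable: the input becomes part of the SQL text, so its quote ends the
    // literal and the remainder is parsed as SQL. Preparing this string does not help.
    static int countConcatenated(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM accounts WHERE name = '" + name + "'";
        try (PreparedStatement ps = c.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Hardened: the SQL text is fixed and the input is bound as a value, so it is
    // only ever compared against the name column.
    static int countBound(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM accounts WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: an H2 driver is on the classpath; any JDBC database works the same way.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement s = c.createStatement()) {
                s.execute("CREATE TABLE accounts(name VARCHAR(50))");
                s.execute("INSERT INTO accounts VALUES ('alice'), ('bob')");
            }
            System.out.println("concatenated: " + countConcatenated(c, INPUT));
            System.out.println("bound:        " + countBound(c, INPUT));
        }
    }
}
```

The protection comes from binding every user-supplied value through a `?` placeholder, not from the `PreparedStatement` class on its own.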