
How do we avoid SQL injection

Anil Verghese
Ranch Hand

Joined: Oct 11, 2006
Posts: 155

Are there tools to avoid SQL injection, or is there a way to prevent it from happening?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42958
The contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.

Pat Farrell

Joined: Aug 11, 2007
Posts: 4659

More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.