This week's book giveaway is in the Design forum.
We're giving away four copies of Design for the Mind and have Victor S. Yocco on-line!
See this thread for details.
Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How do we avoid SQL injection

 
Anil Verghese
Ranch Hand
Posts: 155
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Are there tools to avoid sql injection or is there a way to prevent it from happening?

Regards
Anil
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The http://faq.javaranch.com/java/SecurityFaq contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
More generally, never trust anything that comes from a browser. You may think its a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic