How do we avoid SQL injection

Anil Verghese
Ranch Hand

Joined: Oct 11, 2006
Posts: 155

Are there tools to avoid sql injection or is there a way to prevent it from happening?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
The contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.
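Added example (not code from the thread or from either poster) contrasting the two approaches this reply describes: building the SQL text by concatenation versus binding the value through a PreparedStatement placeholder. It assumes a `java.sql.Connection` supplied by the caller and a hypothetical `users(username)` table; the Hibernate equivalent mentioned above would be `session.createQuery("from User where username = :name").setParameter("name", username)`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Assumptions (for illustration only): a Connection is provided by the caller
 * and a table "users" with a "username" column exists.
 */
public class UserLookup {

    // VULNERABLE: the user-supplied value becomes part of the SQL text, so any
    // quote character in it changes the structure of the statement.
    public static String buildUnsafeQuery(String username) {
        return "SELECT username FROM users WHERE username = '" + username + "'";
    }

    public static boolean userExistsUnsafe(Connection conn, String username)
            throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(buildUnsafeQuery(username))) {
            return rs.next();
        }
    }

    // SAFE: the SQL text is fixed at compile time; the value is sent to the
    // database as a bound parameter and is never parsed as SQL syntax.
    private static final String SAFE_SQL =
            "SELECT username FROM users WHERE username = ?";

    public static boolean userExistsSafe(Connection conn, String username)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SAFE_SQL)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed input containing an apostrophe, a perfectly legitimate
        // name. With concatenation the quote terminates the string literal and
        // the statement is no longer the one the developer wrote; with the
        // placeholder the SQL text is unchanged and the name stays a value.
        String input = "o'brien";
        System.out.println("concatenated: " + buildUnsafeQuery(input));
        System.out.println("prepared:     " + SAFE_SQL + "   [param 1 = " + input + "]");
    }
}
```

Running `main` needs no database: it only prints the two statement texts, which is enough to see that the concatenated version's structure depends on the input while the prepared version's does not. The same rule applies to every other value that comes from the request (ids, sort columns, search terms); column and table names cannot be bound as parameters, so those must be validated against a fixed allow-list instead.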
Pat Farrell

Joined: Aug 11, 2007
Posts: 4659

More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.
I agree. Here's the link: