How do we avoid SQL injection
Joined: Oct 11, 2006
Nov 23, 2007 22:11:00
Are there tools to avoid SQL injection, or is there a way to prevent it from happening?
Joined: Mar 22, 2005
Nov 24, 2007 01:06:00
contains links to two articles about SQL injection.
The key is not to put parameters directly into queries. With straight
, use PreparedStatement; with Hibernate, use the Query class and setParameter.
Joined: Aug 11, 2007
Nov 24, 2007 21:26:00
More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.
Even more generally, never trust anything from a user.