
How do we avoid SQL injection

Anil Verghese
Ranch Hand

Joined: Oct 11, 2006
Posts: 155

Are there tools to avoid sql injection or is there a way to prevent it from happening?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41621
The contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.

Ping & DNS - my free Android networking tools app
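As an added illustration of the advice above (example code written for this page, not code from the original thread or from JavaRanch), assuming a `users` table with `name` and `email` columns and an already-open JDBC `Connection`: the first method builds the query by string concatenation, so the user-supplied value becomes part of the SQL text; the second keeps the SQL fixed and passes the value as a bound parameter. The Hibernate form mentioned above is shown in a comment, with `:name` and `setParameter` doing the same job as the `?` placeholder.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class UserLookup {

    // VULNERABLE: the value is spliced into the SQL text, so the database
    // cannot tell where the query ends and the user's input begins.
    // A name containing a single quote (e.g. O'Brien) already breaks the
    // query, and crafted input can change its meaning entirely.
    public static List<String> findEmailsUnsafe(Connection conn, String name)
            throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + name + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return collect(rs);
        }
    }

    // SAFE: the SQL text never changes; the value is sent separately as a
    // parameter and is always treated as data, never as SQL.
    public static List<String> findEmailsSafe(Connection conn, String name)
            throws SQLException {
        String sql = "SELECT email FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);          // O'Brien works; quoting is handled by the driver
            try (ResultSet rs = ps.executeQuery()) {
                return collect(rs);
            }
        }
    }

    // Hibernate equivalent (assumes an open Session and a mapped User entity):
    //
    //   List<User> users = session
    //       .createQuery("from User u where u.name = :name", User.class)
    //       .setParameter("name", name)
    //       .getResultList();
    //
    // Never do: session.createQuery("from User u where u.name = '" + name + "'")

    private static List<String> collect(ResultSet rs) throws SQLException {
        List<String> emails = new ArrayList<>();
        while (rs.next()) {
            emails.add(rs.getString("email"));
        }
        return emails;
    }
}
```

One check worth doing in review: grep the code base for `createStatement(` and for `"` + ... + `"` patterns next to SQL keywords; every occurrence that carries a request parameter is a candidate for the `PreparedStatement` rewrite shown in `findEmailsSafe`.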
Pat Farrell

Joined: Aug 11, 2007
Posts: 4650

More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.
It is sorta covered in the JavaRanch Style Guide.