JavaRanch » Java Forums » Engineering » Security
How do we avoid SQL injection

Anil Verghese
Ranch Hand

Joined: Oct 11, 2006
Posts: 155

Are there tools to avoid sql injection or is there a way to prevent it from happening?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42959
The contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.
Pat Farrell

Joined: Aug 11, 2007
Posts: 4659

More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.
I agree. Here's the link: