How do we avoid SQL injection

Anil Verghese
Ranch Hand

Joined: Oct 11, 2006
Posts: 155
Hi,

Are there tools to avoid sql injection or is there a way to prevent it from happening?

Regards
Anil
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41896
The http://faq.javaranch.com/java/SecurityFaq contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.


Ping & DNS - my free Android networking tools app
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 