JavaRanch » Java Forums » Engineering » Security
How do we avoid SQL injection

Anil Verghese
Ranch Hand

Joined: Oct 11, 2006
Posts: 155
Hi,

Are there tools to avoid SQL injection, or is there a way to prevent it from happening?

Regards
Anil
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35247
    
    7
The http://faq.javaranch.com/java/SecurityFaq contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.


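The rule in the reply above (keep user-supplied values out of the query text and bind them as parameters instead) is not specific to JDBC. The following is an added example, not code from the thread or from the JavaRanch FAQ: a Python/sqlite3 version that puts a string-concatenated login query next to a parameterized one and runs the same tautology payload against both. The `?` placeholder plays the role of `PreparedStatement.setString` in JDBC or `Query.setParameter` in Hibernate. The table, the two user rows and the payload are constructed for the demo; plaintext passwords are used only to keep the example short.

```python
import sqlite3

# Constructed sample data for the demo (not from the original thread).
USERS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The anti-pattern: user input is pasted into the SQL text.

    Whatever the user types becomes part of the statement, so a quote
    character ends the literal and the rest is parsed as SQL.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(sql).fetchall())


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The fix: placeholders in the statement, values bound separately.

    The statement text is fixed; the driver passes the values to the
    engine as data, so a quote in the input is just a quote in a string.
    This is the same idea as JDBC PreparedStatement / Hibernate setParameter.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)).fetchall())


def demo() -> dict:
    """Run a normal login and an injected login through both functions."""
    conn = make_db()
    # Classic tautology payload: closes the password literal and appends
    # an always-true condition.  Constructed for the demo.
    payload = "' OR '1'='1"
    results = {
        "vulnerable_normal": login_vulnerable(conn, "alice", "s3cret"),
        # Becomes: ... WHERE username = 'nobody' AND password = '' OR '1'='1'
        # which matches every row, so the check is bypassed.
        "vulnerable_injected": login_vulnerable(conn, "nobody", payload),
        "safe_normal": login_safe(conn, "alice", "s3cret"),
        # The payload is compared as a literal password and matches nothing.
        "safe_injected": login_safe(conn, "nobody", payload),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running the block prints two rows for `vulnerable_injected` (both users, although the attacker knew neither password) and an empty list for `safe_injected`. Note that binding parameters protects values only; table or column names and `ORDER BY` targets cannot be bound and must come from a fixed allow-list in the code.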
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4422
    
    2

More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.