How do we avoid SQL injection

Anil Verghese
Ranch Hand

Joined: Oct 11, 2006
Posts: 155

Are there tools to avoid sql injection or is there a way to prevent it from happening?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41151
The contains links to two articles about SQL injection.

The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.

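To make the advice in the reply above concrete, here is an added example (not code from the original thread or from any poster) that puts the concatenated-string query next to the PreparedStatement version. It assumes a hypothetical table `users(username, email)` reachable through a JDBC `Connection` supplied by the caller; the Hibernate form is shown only as a comment because it needs Hibernate on the classpath.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class UserLookup {

    // VULNERABLE: the untrusted value is spliced into the SQL text, so any quote or
    // SQL syntax inside it becomes part of the statement the database parses.
    static String unsafeSqlText(String username) {
        return "SELECT email FROM users WHERE username = '" + username + "'";
    }

    static List<String> findEmailsUnsafe(Connection conn, String username) throws SQLException {
        List<String> emails = new ArrayList<>();
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(unsafeSqlText(username))) {
            while (rs.next()) {
                emails.add(rs.getString("email"));
            }
        }
        return emails;
    }

    // SAFE: the SQL text is fixed and contains only a placeholder. The value travels to
    // the driver/database as a bound parameter, so it is treated as data, never as SQL,
    // whatever characters it contains.
    static List<String> findEmailsSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        List<String> emails = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);          // bind, do not concatenate
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    emails.add(rs.getString("email"));
                }
            }
        }
        return emails;
    }

    // Hibernate equivalent (assumes a mapped User entity; not runnable with the JDK alone):
    //   session.createQuery("from User u where u.username = :name", User.class)
    //          .setParameter("name", username)
    //          .list();
    // Build the HQL with a named parameter exactly as above; never concatenate the value.

    // Caveat: placeholders bind values only. Table or column names that vary at runtime
    // cannot be bound and must be checked against a fixed allow-list in the application.

    public static void main(String[] args) {
        // Constructed input: an ordinary name containing a quote is enough to show
        // that concatenation changes the statement the database will parse.
        String name = "O'Brien";
        System.out.println("Concatenated SQL: " + unsafeSqlText(name));
        System.out.println("Prepared SQL:     SELECT email FROM users WHERE username = ?");
        System.out.println("Bound parameter:  " + name);
    }
}
```

Running `main` prints the concatenated statement with the quote from the input embedded in the SQL, while the prepared form keeps the statement text constant and passes the same input as a separate parameter; that separation is what stops user input from being interpreted as SQL.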
Pat Farrell

Joined: Aug 11, 2007
Posts: 4646

More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.

Even more generally, never trust anything from a user.