SQL Injection

 
ford Darcy Jr
Ranch Hand
Posts: 76
Hi,

How can I avoid the effects of SQL injection in my webapp? I am using servlets to develop my application. I am also using prepared statements. My query goes something like this:

Select * from tablename where column1 like '%" + Column1 + "%';

Can anybody please suggest how to modify my SQL query to avoid SQL injection effects?

Thanks.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64205
This is much more of a JDBC question than one on servlets. I'll recommend that this be moved.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64205
You say that you are using a prepared statement, and yet

you are not taking advantage of the parameterization.

Rather

and use the setString() method to set the value of the ?.
[ August 09, 2005: Message edited by: Bear Bibeault ]
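The difference Bear is pointing at, shown as an added example (not code from the thread). It uses Python's built-in sqlite3 module standing in for JDBC, because the same "?" placeholder and bound value apply: sqlite3's execute(sql, (value,)) plays the role of ps.setString(1, value). The table "tablename" and its rows are constructed for the demonstration. It also shows the caveat the thread does not mention: binding the parameter stops injection, but a user-supplied "%" or "_" is still a LIKE wildcard unless it is escaped and the query carries an ESCAPE clause.

```python
import sqlite3


def build_demo_db():
    """Constructed sample data (not from the original post): an in-memory
    SQLite table standing in for the poster's 'tablename'."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tablename (id INTEGER PRIMARY KEY, column1 TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO tablename (column1, secret) VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2"), ("100%_done", "s3"), ("carol", "s4")],
    )
    return conn


def search_vulnerable(conn, fragment):
    """The pattern from the original post: user input concatenated into the
    SQL text. Kept deliberately vulnerable for comparison."""
    sql = "SELECT id, column1 FROM tablename WHERE column1 LIKE '%" + fragment + "%'"
    return [row[1] for row in conn.execute(sql)]


def search_parameterized(conn, fragment):
    """The fix described in the thread: a '?' placeholder bound with the
    driver's setString equivalent. The '%' wildcards go into the bound
    value, never into the SQL text."""
    sql = "SELECT id, column1 FROM tablename WHERE column1 LIKE ?"
    return [row[1] for row in conn.execute(sql, ("%" + fragment + "%",))]


def like_escape(fragment, esc="\\"):
    """Escape LIKE meta-characters so a user-supplied '%' or '_' is matched
    literally. The escape character itself is escaped first. Must be paired
    with an ESCAPE clause naming the same character."""
    return (
        fragment.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_parameterized_literal(conn, fragment):
    """Parameterized and wildcard-safe: the user's '%' / '_' cannot widen
    the match. The SQL literal '\\' is a single backslash to the database."""
    sql = "SELECT id, column1 FROM tablename WHERE column1 LIKE ? ESCAPE '\\'"
    return [
        row[1]
        for row in conn.execute(sql, ("%" + like_escape(fragment) + "%",))
    ]


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed attack input: closes the quoted literal, appends a UNION
    # that reads the secret column, and comments out the trailing "%'".
    payload = "' UNION SELECT id, secret FROM tablename --"
    print("vulnerable   :", search_vulnerable(db, payload))
    print("parameterized:", search_parameterized(db, payload))
    # Wildcard caveat: '%' from the user still matches everything unless escaped.
    print("param, '%'   :", search_parameterized(db, "%"))
    print("escaped, '%' :", search_parameterized_literal(db, "%"))
```

The JDBC form of search_parameterized is the query text with a bare "?" and then ps.setString(1, "%" + fragment + "%"); writing LIKE '%?%' in the SQL does not work, because a "?" inside a quoted literal is just a character and JDBC will not treat it as a placeholder. The payload run through the concatenated query returns the secret column alongside column1, while the bound version returns no rows since no column1 value contains that text.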
 