Validation

ashok r
Greenhorn

Joined: Aug 28, 2005
Posts: 9
In my project I have to display the details of a customer by his name. The problem raised to me in this is that a hacker can easily delete my table contents by just typing the delete command of SQL in the textbox in place of giving his name. This is possible when he correctly guesses the table name given by me.

Please help me in overcoming this problem.

Thanks in advance
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Change the grants on the DB so users of your application only have rights to read data.


Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Use PreparedStatement instead of Statement to guard yourself against SQL injection attacks.
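
An added example, not part of the original thread, contrasting string concatenation with a PreparedStatement for the name lookup described in the question. The `customer` table, its columns, the class and method names, and the H2 in-memory JDBC URL are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class CustomerLookup {

    // Unsafe pattern: the text box value becomes part of the SQL text itself,
    // so quotes and semicolons in the input change the statement's structure.
    static String unsafeQuery(String name) {
        return "SELECT id, name FROM customer WHERE name = '" + name + "'";
    }

    // Safe pattern: the SQL text is fixed and the name is sent as a bound
    // parameter, so the driver always treats it as a string value.
    static int countByName(Connection con, String name) throws SQLException {
        String sql = "SELECT id, name FROM customer WHERE name = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                int rows = 0;
                while (rs.next()) rows++;
                return rows;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: the H2 database driver is on the classpath.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE customer(id INT PRIMARY KEY, name VARCHAR(100))");
                st.execute("INSERT INTO customer VALUES (1, 'Alice'), (2, 'Bob')");
            }
            // Constructed input of the kind the question describes.
            String hostile = "x'; DELETE FROM customer; --";

            // Concatenation turns the input into a second SQL statement.
            System.out.println("Concatenated SQL: " + unsafeQuery(hostile));
            // Bound parameter: the same input is only compared against names.
            System.out.println("Rows for Alice: " + countByName(con, "Alice"));
            System.out.println("Rows for hostile input: " + countByName(con, hostile));
            // The table is intact after the hostile lookup.
            System.out.println("Rows for Bob afterwards: " + countByName(con, "Bob"));
        }
    }
}
```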
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61092
    
  66

"ashok.r",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
Forum Bartender
[ December 15, 2005: Message edited by: Bear Bibeault ]
