ashok r

Joined: Aug 28, 2005
Posts: 9
In my project I have to display the details of a customer by his name. The problem raised to me in this is that a hacker can easily delete my table contents by just typing the delete command of SQL in the textbox in place of giving his name. This is possible when he correctly guesses the table name given by me.

Please help me in overcoming this problem.

Thanks in advance
Paul Sturrock

Joined: Apr 14, 2004
Posts: 10336

Change the grants on the DB so users of your application only have rights to read data.

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Paul Clapham

Joined: Oct 14, 2005
Posts: 19973

Use PreparedStatement instead of Statement to guard yourself against SQL injection attacks.
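
Added example, not part of the original thread or any poster's code: the name lookup written with string concatenation next to the PreparedStatement form suggested above. The `customer` table, its columns, the class and method names, and the in-memory H2 database (driver assumed to be on the classpath) are assumptions made for the illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class CustomerLookup {

    // "Before": the text-box value is pasted into the SQL text, so any quote
    // or keyword inside it becomes part of the statement itself.
    // Shown only as a string here; it is never executed.
    static String concatenatedSql(String name) {
        return "SELECT id, name FROM customer WHERE name = '" + name + "'";
    }

    // "After": the SQL text is fixed and the value is bound as a parameter,
    // so it is only ever compared against the name column as data.
    static List<String> findByName(Connection con, String name) throws SQLException {
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(
                "SELECT id, name FROM customer WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getInt("id") + ":" + rs.getString("name"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample data in an in-memory H2 database (assumption).
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE customer (id INT PRIMARY KEY, name VARCHAR(100))");
                st.execute("INSERT INTO customer VALUES (1, 'Smith'), (2, 'O''Brien')");
            }
            String typed = "Smith'; DELETE FROM customer; --"; // constructed text-box input
            System.out.println(concatenatedSql(typed));  // the input has changed the SQL text
            System.out.println(findByName(con, typed));  // bound as a literal name instead
            System.out.println(findByName(con, "O'Brien")); // a legitimate quote needs no escaping
            System.out.println(findByName(con, "Smith"));   // the row is still in the table
        }
    }
}
```

Connecting with a database account that has only SELECT on the table, as suggested earlier in the thread, limits the damage if some other query in the application is still built by concatenation.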
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63844


There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Forum Bartender
[ December 15, 2005: Message edited by: Bear Bibeault ]

[Asking smart questions] [About Bear] [Books by Bear]
subject: Validation