SQL injection

Luis Fernandes
Greenhorn

Joined: Sep 22, 2007
Posts: 19
Hello,

Can someone help me configure my app to prevent SQL injection?

What can I do in the ResultSet? Do I have to do something in my JTextField and JPasswordField?


Luis Claudio
MCSE ; CCNA ; SCJP 5.0
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 32481
    

Luis,
SQL Injection refers to someone adding bad code to a statement. It has nothing to do with the resultset. By that point, it is too late.

The easiest way to prevent SQL injection is to always use prepared statements and make sure all values are supplied through bind variables as in:
field = ?


[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
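
The bind-variable approach from the reply above, shown next to the string-concatenation form it replaces. This is an added example, not code from either poster. The class name, the `users` table with `username` and `password_hash` columns, and the JDBC URL passed on the command line are assumptions, and a JDBC driver must be on the classpath for the database part to run.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginLookup {  // hypothetical class name

    // UNSAFE, for comparison only: the typed text becomes part of the SQL statement.
    static String concatenatedQuery(String username) {
        return "SELECT password_hash FROM users WHERE username = '" + username + "'";
    }

    // SAFE: the statement text is fixed; the value travels separately as a bind variable.
    static String findPasswordHash(Connection con, String username) throws SQLException {
        String sql = "SELECT password_hash FROM users WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                // Returns null when no row has exactly this username.
                return rs.next() ? rs.getString("password_hash") : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input standing in for JTextField.getText().
        String typed = "luis' OR '1'='1";

        // With concatenation the quote ends the literal and the rest is parsed as SQL.
        System.out.println("concatenated: " + concatenatedQuery(typed));

        if (args.length == 0) {
            System.out.println("pass a JDBC URL to run the prepared-statement lookup");
            return;
        }
        try (Connection con = DriverManager.getConnection(args[0])) {
            // The same input is compared as one literal string, so it matches no user.
            String hash = findPasswordHash(con, typed);
            System.out.println("prepared: " + (hash == null ? "no such user" : "user found"));
        }
    }
}
```

Nothing changes in the Swing fields or the ResultSet handling; the only change is how the value read from the field reaches the statement.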
 