
SQL injection

 
Luis Fernandes
Hello,

Can someone help to configure my app to prevent SQL injection?

What can I do in the ResultSet? Do I have to do something in my JTextField and JPasswordField?
 
Jeanne Boyarsky
Luis,
SQL Injection refers to someone adding bad code to a statement. It has nothing to do with the resultset. By that point, it is too late.

The easiest way to prevent SQL injection is to always use prepared statements and make sure all values are supplied through bind variables as in:
field = ?
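
An added example, not part of either post: the bind-variable approach from the answer above written with JDBC, beside the string-concatenated form it replaces. The `users` table, its column names, and the class and method names are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginDao {
    // Assumed schema (not from the thread): users(username, password_hash).

    // Vulnerable form: the text typed into the field becomes part of the
    // SQL string, so the database parses user input as SQL code.
    static boolean userExistsUnsafe(Connection con, String username) throws SQLException {
        String sql = "SELECT 1 FROM users WHERE username = '" + username + "'";
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Hardened form: the SQL text is a constant and every value is supplied
    // through a bind variable ("field = ?"). The driver sends the values
    // separately from the statement, so they are never parsed as SQL.
    static boolean checkLogin(Connection con, String username, String passwordHash)
            throws SQLException {
        String sql = "SELECT 1 FROM users WHERE username = ? AND password_hash = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);      // e.g. the JTextField's getText()
            ps.setString(2, passwordHash);  // hash derived from the JPasswordField's getPassword()
            try (ResultSet rs = ps.executeQuery()) {
                // By the time the ResultSet exists the query has already run,
                // so nothing done here can undo an injection.
                return rs.next();
            }
        }
    }
}
```

The Swing fields themselves need no special handling for this purpose; the protection comes from how their values reach the statement.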
 