Joined: Sep 22, 2007
Oct 24, 2007 16:58:00
Can someone help to configure out my app to prevent SQL injection?
What can I do in resultSet? Do I have to do something in my JTextField and JPasswordField?
Luis Claudio
MCSE ; CCNA ; SCJP 5.0
Joined: May 26, 2003
Oct 24, 2007 17:56:00
SQL injection refers to someone adding bad code to a statement. It has nothing to do with the resultset. By that point, it is too late.
The easiest way to prevent SQL injection is to always use prepared statements and make sure all values are supplied through bind variables as in:
field = ?
How To Ask Questions The Smart Way
Blogging on Certs:
SCEA Part 1
Part 2 & 3
Core Spring 3
TOGAF part 1
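The bind-variable advice above, applied to a Swing login form, as an added example that is not code from this thread. The class name `LoginCheck`, the `users(username, password_hash)` table and the `PasswordVerifier` hook are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
import javax.swing.JPasswordField;
import javax.swing.JTextField;

public class LoginCheck {
    /** Hypothetical hook: compares the typed password with the stored hash. */
    interface PasswordVerifier { boolean matches(char[] typed, String storedHash); }

    // Assumed schema: users(username, password_hash). The ? is the bind variable.
    static final String FIND_USER = "SELECT password_hash FROM users WHERE username = ?";

    /** Unsafe form, for contrast only: the typed text becomes part of the SQL. */
    static String concatenated(String typedName) {
        return "SELECT password_hash FROM users WHERE username = '" + typedName + "'";
    }

    static boolean login(Connection con, JTextField userField, JPasswordField passField,
                         PasswordVerifier verifier) throws SQLException {
        char[] typed = passField.getPassword();
        try (PreparedStatement ps = con.prepareStatement(FIND_USER)) {
            // The raw field text is sent as data; nothing is escaped in the Swing fields.
            ps.setString(1, userField.getText());
            try (ResultSet rs = ps.executeQuery()) {
                // By the time rows come back the statement has already run, so the
                // protection has to be in how the statement was built, not here.
                return rs.next() && verifier.matches(typed, rs.getString(1));
            }
        } finally {
            Arrays.fill(typed, '\0'); // clear the password copy when done
        }
    }

    public static void main(String[] args) {
        String typed = "O'Brien"; // constructed sample input containing a quote
        // The quote ends the string literal early, so the statement text itself changes.
        System.out.println("concatenated: " + concatenated(typed));
        // With a bind variable the SQL text is fixed; the value is passed separately.
        System.out.println("prepared:     " + FIND_USER + "   [1] = " + typed);
    }
}
```

Running `main` needs no database: it only prints the two statement forms for the sample input. `login` works with any JDBC `Connection` whose schema matches the assumed table.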
subject: SQL injection
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter