Joined: Sep 22, 2007
Oct 24, 2007 16:58:00
Can someone help me configure my app to prevent SQL injection?
What can I do in the ResultSet? Do I have to do something in my JTextField and JPasswordField?
Luis Claudio
MCSE ; CCNA ; SCJP 5.0
author & internet detective
Joined: May 26, 2003
Oct 24, 2007 17:56:00
SQL injection refers to someone adding bad code to a statement. It has nothing to do with the resultset. By that point, it is too late.
The easiest way to prevent SQL injection is to always use prepared statements and make sure all values are supplied through bind variables as in:
field = ?
How To Ask Questions The Smart Way
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1
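The bind-variable advice above, as an added example that is not part of the original thread: the same lookup written with string concatenation and with a PreparedStatement, run against a value containing an apostrophe. The class name, the `users` table, the `pw_hash` column and the in-memory H2 URL are assumptions made for the illustration; the sample row is constructed.

```java
import java.sql.*;

public class BindVariableDemo {

    // 'Before': the field text is concatenated into the statement, so the
    // database parses it as part of the SQL.
    static String hashConcatenated(Connection con, String username) throws SQLException {
        String sql = "SELECT pw_hash FROM users WHERE username = '" + username + "'";
        try (Statement st = con.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    // 'After': the SQL text is constant and the value is sent as a bind variable.
    static String hashPrepared(Connection con, String username) throws SQLException {
        String sql = "SELECT pw_hash FROM users WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: an H2 in-memory database is on the classpath.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, pw_hash VARCHAR(128))");
            st.execute("INSERT INTO users VALUES ('O''Brien', 'constructed-hash-value')");

            // Constructed value; stands in for usernameField.getText().
            String username = "O'Brien";

            System.out.println("prepared: " + hashPrepared(con, username));
            try {
                hashConcatenated(con, username);
            } catch (SQLException e) {
                // The apostrophe ended the string literal early: input became SQL syntax.
                System.out.println("concatenated failed: " + e.getMessage());
            }
        }
    }
}
```

In this sketch the value from the JPasswordField never enters the SQL at all: the application would verify it in Java against the hash the prepared query returns.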
I agree. Here's the link:
subject: SQL injection
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter