SQL injection

Luis Fernandes

Joined: Sep 22, 2007
Posts: 19

Can someone help me configure my app to prevent SQL injection?

What can I do in the ResultSet? Do I have to do something in my JTextField and JPasswordField?

Luis Claudio
MCSE; CCNA; SCJP 5.0

Jeanne Boyarsky
internet detective

Joined: May 26, 2003
Posts: 30356

SQL Injection refers to someone adding bad code to a statement. It has nothing to do with the resultset. By that point, it is too late.

The easiest way to prevent SQL injection is to always use prepared statements and make sure all values are supplied through bind variables as in:
field = ?

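The bind-variable approach from the answer above, as an added example that is not part of the original thread. The table `users`, its columns `id` and `username`, the class and method names, and the JDBC URL passed on the command line are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class BindVariableLookup {

    // Vulnerable form, shown only for contrast: the text typed into the field
    // becomes part of the SQL text, so a quote in it changes the statement.
    static String concatenatedSql(String userName) {
        return "SELECT id FROM users WHERE username = '" + userName + "'";
    }

    // Hardened form: the SQL text is a constant and the value is sent
    // separately as a bind variable (the "field = ?" from the answer).
    static final String LOOKUP_SQL = "SELECT id FROM users WHERE username = ?";

    // Returns the user's id, or null when no row matches.
    // Assumed schema: users(id BIGINT, username VARCHAR).
    static Long findUserId(Connection conn, String userName) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(LOOKUP_SQL)) {
            ps.setString(1, userName); // bound as data, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    return rs.getLong("id");
                }
                return null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input, standing in for JTextField.getText().
        String typed = "O'Brien";

        // The concatenated statement has an unbalanced quote; the bound one is unchanged.
        System.out.println("Concatenated: " + concatenatedSql(typed));
        System.out.println("Bound:        " + LOOKUP_SQL + "   [1] = " + typed);

        // Optional: pass a JDBC URL as the only argument to run the lookup.
        if (args.length == 1) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println("id = " + findUserId(conn, typed));
            }
        }
    }
}
```

Every value that comes from the user interface, including the one read from the `JPasswordField`, is bound the same way with a `?` placeholder and a `setXxx` call.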