JavaRanch » Java Forums » Java » Servlets
webapp sql injection

Peter Straw
Ranch Hand

Joined: Jan 08, 2002
Posts: 79
Is it true that using a PreparedStatement for a database query provides more security against malicious attacks than a Statement object would?
Many thanks,
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
Not that I'm aware of. What sort of "malicious attacks" are you thinking of?

Read about me at ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Peter Straw
Ranch Hand

Joined: Jan 08, 2002
Posts: 79
Like on a login page, if the user enters John as the username and
' or 1=1 --
as the password, then the query will be :
select count(*) from users where userName='john' and userPass=''
or 1=1 --'
which may just get them into the webapp illegally.
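The login example above can be run end to end to see why a bound-parameter query (the JDBC PreparedStatement pattern) closes this hole while string concatenation (the Statement pattern) does not. The block below is an added example, not code from either poster; it uses Python's sqlite3 module as a stand-in for JDBC because the `?` placeholders bind values exactly as a PreparedStatement does. The `users` table, the account `john`/`s3cret`, and the helper names `make_db`, `build_concat_sql`, `login_concat` and `login_param` are all constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory users table with one account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT, userPass TEXT)")
    conn.execute("INSERT INTO users VALUES ('john', 's3cret')")
    conn.commit()
    return conn


def build_concat_sql(username, password):
    # The Statement-style query: user input is pasted straight into SQL text.
    return (
        "select count(*) from users where userName='" + username
        + "' and userPass='" + password + "'"
    )


def login_concat(conn, username, password):
    # Vulnerable: the database parses attacker-controlled text as SQL syntax.
    # With password "' or 1=1 --" the WHERE clause becomes
    #   userName='john' and userPass='' or 1=1 --'
    # and the trailing quote is swallowed by the -- comment.
    sql = build_concat_sql(username, password)
    return conn.execute(sql).fetchone()[0] > 0


def login_param(conn, username, password):
    # Safe: the SQL text is fixed; the values are bound separately, so
    # "' or 1=1 --" is compared as a literal password string, never parsed.
    sql = "select count(*) from users where userName=? and userPass=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    # Returns the outcome of each login attempt so the difference is visible.
    conn = make_db()
    payload = "' or 1=1 --"
    return {
        "concat_correct_password": login_concat(conn, "john", "s3cret"),
        "concat_injected_password": login_concat(conn, "john", payload),
        "param_correct_password": login_param(conn, "john", "s3cret"),
        "param_injected_password": login_param(conn, "john", payload),
        "concat_sql_seen_by_db": build_concat_sql("john", payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two caveats a practitioner should keep in mind. First, binding only protects the parts of the statement that can be parameters (values in WHERE, INSERT and UPDATE); table names, column names and ORDER BY targets cannot be bound and must be validated against an allow-list instead. Second, the exact comment syntax matters: SQLite and PostgreSQL accept `--` immediately followed by text, whereas MySQL requires whitespace after `--`, so the trailing quote in the concatenated query above would produce a syntax error there rather than a silent bypass. Neither caveat changes the conclusion: the parameterised query rejects the payload regardless of dialect.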