webapp sql injection

Peter Straw
Ranch Hand

Joined: Jan 08, 2002
Posts: 79
Hi,
Is it true that using a PreparedStatement for a database query provides more security against malicious attacks than a Statement object would?
Many thanks,
Peter
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
Not that I'm aware of. What sort of "malicious attacks" are you thinking of?


Read about me at frankcarver.me ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Peter Straw
Ranch Hand

Joined: Jan 08, 2002
Posts: 79
Like on a login page, if the user enters John as the username and
' or 1=1 --
as the password, then the query will be:
select count(*) from users where userName='john' and userPass='' or 1=1 --'
which may just get them into the webapp illegally.
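The difference the thread is asking about, shown side by side as an added example (not code from either poster): the Statement version pastes the password straight into the SQL text, so the quote and the trailing comment marker become part of the query exactly as written in the post above, and the row count comes back non-zero. The PreparedStatement version sends the same two inputs as bound parameters, so the driver treats the whole password string as a value to compare against userPass and the login check fails. The JDBC URL, the H2 in-memory driver, and the users table with one constructed row are assumptions for the sake of a runnable demo; any JDBC driver behaves the same way.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginCheck {

    // Vulnerable: the query text is assembled from the raw inputs, as in the post.
    static String buildVulnerableQuery(String user, String pass) {
        return "select count(*) from users where userName='" + user
             + "' and userPass='" + pass + "'";
    }

    // Vulnerable login: whatever the user typed is executed as SQL syntax.
    static boolean loginWithStatement(Connection c, String user, String pass) throws SQLException {
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(buildVulnerableQuery(user, pass))) {
            rs.next();
            return rs.getInt(1) > 0;
        }
    }

    // Hardened login: the SQL is fixed at prepare time; the inputs are bound as values.
    static boolean loginWithPreparedStatement(Connection c, String user, String pass) throws SQLException {
        String sql = "select count(*) from users where userName=? and userPass=?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1) > 0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: the H2 JDBC driver is on the classpath; jdbc:h2:mem: gives a throwaway database.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                // Constructed sample data: one user, matching the column names used in the post.
                st.execute("create table users(userName varchar(50), userPass varchar(50))");
                st.execute("insert into users values('john', 'secret')");
            }

            String user = "john";
            String pass = "' or 1=1 --";   // the password from the post

            System.out.println("Query the Statement version actually runs:");
            System.out.println("  " + buildVulnerableQuery(user, pass));
            System.out.println("Statement login succeeded:         " + loginWithStatement(c, user, pass));
            System.out.println("PreparedStatement login succeeded: " + loginWithPreparedStatement(c, user, pass));
        }
    }
}
```

Run it with the H2 jar on the classpath (for example `java -cp h2.jar:. LoginCheck`). The fix is the parameter binding itself, not the `?` placeholders in the text: a PreparedStatement built by concatenating user input into the SQL string and then prepared with no parameters is just as exposed as the Statement version.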