Struts and SQL Injection.

pawan chopra
Ranch Hand

Joined: Jan 23, 2008
Posts: 366

Hi,

I want to know whether Struts prevents SQL injection. If yes, then how? Thanks!


Pawan Chopra
SCJP - DuMmIeS mInD
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17243
    

pawan chopra wrote: Hi,

I want to know whether Struts prevents SQL injection. If yes, then how? Thanks!


No, it isn't Struts' responsibility to prevent SQL injection.

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Hong Anderson
Ranch Hand

Joined: Jul 05, 2005
Posts: 1936
No, SQL injection is not related to Struts or any web framework; you can prevent SQL injection by using PreparedStatement.


SCJA 1.0, SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCJP 5.0, SCEA 5, SCBCD 5; OCUP - Fundamental, Intermediate and Advanced; IBM Certified Solution Designer - OOAD, vUML 2; SpringSource Certified Spring Professional
pawan chopra
Ranch Hand

Joined: Jan 23, 2008
Posts: 366

Kengkaj Sathianpantarit wrote: No, SQL injection is not related to Struts or any web framework; you can prevent SQL injection by using PreparedStatement.


Can you suggest any link? Thanks!
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
http://google.com/search?q=preparedstatement+tutorial+site:sun.com


Code depot of a Java EE / JSF developer | JSF / Eclipse / Tomcat kickoff tutorial | DAO kickoff tutorial | I ♥ Unicode
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2350

There are some pointers on the JavaRanch Security FAQ.


OCUP UML fundamental
ITIL foundation
 