can we write this method using prepared statement?

anarkali perera
Ranch Hand

Joined: Sep 10, 2009
Posts: 237
I found that to avoid SQL injection I should use a prepared statement. But is it possible to use prepared statements all the time?

Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Yes, it is possible.


anarkali perera
Ranch Hand

Joined: Sep 10, 2009
Posts: 237
Then please tell me how?
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Have a read through our JDBC FAQs, there is a wealth of information in there. Also Sun's JDBC tutorial explains how to use them.
Scott Selikoff
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3697
    
    5

Hi Anarkali,

Why don't you try rewriting your above code with PreparedStatements, with the parameters separated out. Post that and we can take a look. As it stands now, your code is very prone to SQL injection. For example, if I set username = " '; DELETE FROM student; SELECT * from student WHERE username=' ", you're going to have problems.


My Blog: Down Home Country Coding with Scott Selikoff
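The rewrite Scott is asking for, shown as an added example that is not code from the original thread: a login check against a `student` table, first with string concatenation (the injectable shape) and then with a `PreparedStatement` whose `?` markers carry the username and password as bound values. The table layout, the `authenticate*` method names and the H2 in-memory JDBC URL are assumptions for illustration; the same JDBC calls work against any driver.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class StudentLogin {

    // VULNERABLE: the caller's input becomes part of the SQL text, so quotes
    // in the input change the statement's structure.
    static boolean authenticateUnsafe(Connection conn, String username, String password)
            throws SQLException {
        String sql = "SELECT COUNT(*) FROM student WHERE username='" + username
                + "' AND password='" + password + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() && rs.getInt(1) > 0;
        }
    }

    // SAFE: the SQL text is fixed at prepare time; the values are sent
    // separately and can never be parsed as SQL, whatever characters they hold.
    static boolean authenticateSafe(Connection conn, String username, String password)
            throws SQLException {
        String sql = "SELECT COUNT(*) FROM student WHERE username=? AND password=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);   // parameter indexes are 1-based
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() && rs.getInt(1) > 0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 is on the classpath so this in-memory URL works;
        // any JDBC URL and driver can be substituted.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            // Constructed sample data. A real schema would store a password
            // hash, not the plaintext; the column is plain text only to keep
            // the injection point visible.
            try (Statement st = conn.createStatement()) {
                st.execute("CREATE TABLE student (username VARCHAR(50), password VARCHAR(50))");
                st.execute("INSERT INTO student VALUES ('alice', 's3cret')");
            }

            // Classic tautology payload: the trailing quote closes the literal
            // and the OR makes the WHERE clause true for every row.
            String payload = "' OR '1'='1";

            System.out.println("unsafe, real credentials : "
                    + authenticateUnsafe(conn, "alice", "s3cret"));      // true
            System.out.println("unsafe, injected password: "
                    + authenticateUnsafe(conn, "alice", payload));       // true (bypass)
            System.out.println("safe,   real credentials : "
                    + authenticateSafe(conn, "alice", "s3cret"));        // true
            System.out.println("safe,   injected password: "
                    + authenticateSafe(conn, "alice", payload));         // false
        }
    }
}
```

On the "all the time" part of the question: a `?` marker can stand in for a value (a string, number, date, and so on) but not for an identifier or keyword, so a table name, column name or `ORDER BY` direction supplied by the user cannot be bound this way. For those, check the input against a fixed allow-list of acceptable names before concatenating it, and bind everything else.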