Findbug issue -The code creates an SQL prepared statement from a nonconstant String

kanag janak
Greenhorn

Joined: Jan 14, 2010
Posts: 1
My program has the following code. FindBugs is showing the following bug:
The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.




Can anyone help me fix this?

thanks
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

If you have methods that take SQL as a parameter, SQL injection is possible. You will know how exposed this method is; can a client call it with their own SQL?


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
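As an added example (not code from either poster, and not the asker's missing snippet), here is the pattern FindBugs reports beside the form that clears the warning: the SQL text becomes a compile-time constant and the caller supplies values, not SQL. The table and column names (`app_user`, `user_name`, `created_at`) are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Added example; table and column names are assumed, not taken from the post.
public class UserDao {

    private final Connection conn;

    public UserDao(Connection conn) {
        this.conn = conn;
    }

    // What FindBugs flags: the statement text is built from a nonconstant
    // String, so the caller's value is parsed as part of the SQL and the
    // PreparedStatement gives no protection at all.
    public List<String> findByNameFlagged(String userName) throws SQLException {
        String sql = "SELECT user_name FROM app_user WHERE user_name = '" + userName + "'";
        try (PreparedStatement ps = conn.prepareStatement(sql)) { // FindBugs warning here
            return readNames(ps);
        }
    }

    // The fix: constant SQL with a placeholder; the driver sends the value
    // separately, so it can never change the shape of the query.
    private static final String FIND_BY_NAME =
        "SELECT user_name FROM app_user WHERE user_name = ?";

    public List<String> findByName(String userName) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(FIND_BY_NAME)) {
            ps.setString(1, userName);
            return readNames(ps);
        }
    }

    // Identifiers such as a sort column cannot be bound with '?'. If callers
    // may choose one, accept only entries from a fixed allow-list so nothing
    // the caller typed ever reaches the statement text.
    private static final Set<String> SORTABLE = Set.of("user_name", "created_at");

    public List<String> listSorted(String sortColumn) throws SQLException {
        if (!SORTABLE.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        String sql = "SELECT user_name FROM app_user ORDER BY " + sortColumn;
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            return readNames(ps);
        }
    }

    private static List<String> readNames(PreparedStatement ps) throws SQLException {
        List<String> names = new ArrayList<>();
        try (ResultSet rs = ps.executeQuery()) {
            while (rs.next()) {
                names.add(rs.getString("user_name"));
            }
        }
        return names;
    }
}
```

The same refactoring answers the question in the reply above: a method whose parameter is SQL text (`run(String sql)`) should become a method whose parameters are the values (`findByName(String userName)`), with the SQL fixed inside the class. Note that `listSorted` still concatenates, so FindBugs will keep reporting it; the allow-list is what makes it safe, and that finding should be reviewed and documented rather than treated as a false alarm by default.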