Findbug issue -The code creates an SQL prepared statement from a nonconstant String

kanag janak
Greenhorn

Joined: Jan 14, 2010
Posts: 1
My program has the following code. FindBugs is showing the following bug.
The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.




Can anyone help me fix this?

thanks
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

If you have methods that take SQL as a parameter, SQL injection is possible. You will know how exposed this method is; can a client call it with their own SQL?


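As an added example (not code from the original post, whose listing is missing above), here is the pattern that triggers this FindBugs warning next to the fix Paul's reply points at: a constant SQL string with the user value bound as a parameter, plus an allowlist for the case where the dynamic part is an identifier. The class, table and column names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

public class UserDao {

    // Flagged pattern: the SQL text is assembled at runtime from a caller-supplied
    // value, so prepareStatement() receives a non-constant String. A single quote in
    // userName ends the literal early and the rest of the input is parsed as SQL; the
    // "prepared" statement gives no protection because the input is already part of
    // the statement text before the database sees it.
    static ResultSet findUserUnsafe(Connection conn, String userName) throws SQLException {
        String sql = "SELECT id, email FROM users WHERE name = '" + userName + "'";
        PreparedStatement ps = conn.prepareStatement(sql); // FindBugs warns here
        return ps.executeQuery();
    }

    // Fix: the SQL text is a compile-time constant and the user value is bound with
    // setString(), so the driver always treats it as data, never as SQL syntax.
    // prepareStatement() now receives a constant and the warning goes away.
    private static final String FIND_USER_SQL =
            "SELECT id, email FROM users WHERE name = ?";

    static ResultSet findUserSafe(Connection conn, String userName) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(FIND_USER_SQL);
        ps.setString(1, userName);
        return ps.executeQuery();
    }

    // Identifiers (column or table names) cannot be bound with '?'. When one must be
    // chosen at runtime, accept it only from a fixed allowlist of known-good literals.
    // FindBugs may still flag this prepareStatement() call; the allowlist check is
    // what makes the remaining non-constant string safe to accept.
    private static final Set<String> SORTABLE_COLUMNS = Set.of("name", "email", "created_at");

    static ResultSet listUsersSorted(Connection conn, String sortColumn) throws SQLException {
        if (!SORTABLE_COLUMNS.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        String sql = "SELECT id, email FROM users ORDER BY " + sortColumn;
        PreparedStatement ps = conn.prepareStatement(sql);
        return ps.executeQuery();
    }
}
```

The same rule applies to methods that accept a whole SQL string as a parameter, as Paul describes: if any caller can pass user-controlled text into it, move the SQL into the method as a constant and expose only the bind values.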