Findbug issue -The code creates an SQL prepared statement from a nonconstant String

kanag janak
Greenhorn

Joined: Jan 14, 2010
Posts: 1
My program has the following code. FindBugs is showing the following bug:
The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.




Can anyone help me to fix this?

thanks
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

If you have methods that take SQL as a parameter, SQL injection is possible. You will know how exposed this method is; can a client call it with their own SQL?
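To make the warning concrete, here is an added example (not code from the original thread) showing the pattern that triggers SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING next to the fixed form, plus the allowlist approach for the one thing a bound parameter cannot express, a column name. The `users` table, its columns and the `Set.of` call (Java 9+) are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

public class PreparedStatementExample {

    // Constant SQL: the String handed to prepareStatement is a compile-time
    // literal, so FindBugs is satisfied; user data only ever fills the '?'.
    private static final String FIND_USER =
        "SELECT id, name FROM users WHERE name = ?";   // assumed schema

    // The flagged pattern: the SQL text itself is built from a caller-supplied
    // value, so a name like  x' OR '1'='1  changes the query, not just the data.
    static boolean userExistsUnsafe(Connection con, String name) throws SQLException {
        String sql = "SELECT id FROM users WHERE name = '" + name + "'";
        try (PreparedStatement ps = con.prepareStatement(sql);   // FindBugs reports this call
             ResultSet rs = ps.executeQuery()) {
            return rs.next();
        }
    }

    // The fix: constant SQL plus a bound parameter. The driver sends the value
    // separately from the statement text, so it can never be parsed as SQL.
    static boolean userExistsSafe(Connection con, String name) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(FIND_USER)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Identifiers (table names, columns, ORDER BY targets) cannot be bound with
    // '?'. When the query must vary there, choose from a fixed allowlist so the
    // final SQL is still assembled only from literals that live in this class.
    private static final Set<String> SORT_COLUMNS = Set.of("name", "created");  // assumed columns

    static String orderedUsersSql(String sortColumn) {
        if (!SORT_COLUMNS.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        return "SELECT id, name FROM users ORDER BY " + sortColumn;
    }
}
```

FindBugs cannot see the allowlist, so it will still report a prepareStatement call fed by orderedUsersSql; that is the one case where the warning is reviewed and suppressed rather than fixed by rewriting.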

