aspose file tools
The moose likes JDBC and the fly likes Findbug issue -The code creates an SQL prepared statement from a nonconstant String Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Databases » JDBC
Reply Bookmark "Findbug issue -The code creates an SQL prepared statement from a nonconstant String " Watch "Findbug issue -The code creates an SQL prepared statement from a nonconstant String " New topic
Author

Findbug issue -The code creates an SQL prepared statement from a nonconstant String

kanag janak
Greenhorn

Joined: Jan 14, 2010
Posts: 1
posted private message
0
Quote
My program has the following code.The findbug is showing a the following bug.
The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.




Can anyone help me to fix this.

thanks
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

I like...
Eclipse IDE Hibernate Java
posted private message
0
Quote
If you have methods that take SQL as a parameter, SQL injection is possible. You will know how exposed this method is; can a client call it with their own SQL?

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Findbug issue -The code creates an SQL prepared statement from a nonconstant String
 
Similar Threads
SQL syntax error
DB2 Insert Problem - Invalid Table State
Statement, Prepared Statement, and CallableStatement
Preapred stmt
Find bug issue - A prepared statement is generated from a nonconstant String