JavaRanch » Java Forums » Databases » JDBC
Findbug issue -The code creates an SQL prepared statement from a nonconstant String

kanag janak
Greenhorn

Joined: Jan 14, 2010
Posts: 1
My program has the following code. FindBugs is showing the following bug:
The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.




Can anyone help me fix this?

thanks
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

If you have methods that take SQL as a parameter, SQL injection is possible. You will know how exposed this method is; can a client call it with their own SQL?


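An added example, not code from the original thread, showing the pattern FindBugs is objecting to and the fix Paul is pointing at: the SQL text must be a constant, and anything that comes from the caller travels as a bound parameter. The third method covers the one case a bind parameter cannot handle, an identifier such as a column name in ORDER BY, by mapping the input onto an allow-list. The `users` table, the H2 in-memory JDBC URL in `main`, and the class and method names are assumptions for illustration; any JDBC driver would do.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;

public class UserLookup {

    // BEFORE: the SQL text is assembled from the caller's input, so the
    // "prepared" statement is prepared around whatever the caller supplied.
    // This is the shape FindBugs reports as
    // SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING.
    static String findEmailUnsafe(Connection c, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + username + "'";
        try (PreparedStatement ps = c.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    // AFTER: the SQL text is a compile-time constant. The value is bound with
    // setString and is sent to the database as data, so it cannot alter the
    // structure of the statement no matter what it contains.
    private static final String FIND_EMAIL = "SELECT email FROM users WHERE name = ?";

    static String findEmailSafe(Connection c, String username) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(FIND_EMAIL)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    // Identifiers (table or column names) cannot be bound as parameters. When
    // the caller must choose one, accept only values from an allow-list you
    // control; the input itself never reaches the SQL string.
    private static final Set<String> SORTABLE = Set.of("name", "email", "created_at");

    static PreparedStatement listUsersSortedBy(Connection c, String column) throws SQLException {
        if (!SORTABLE.contains(column)) {
            throw new IllegalArgumentException("unsupported sort column: " + column);
        }
        // FindBugs will still flag this line (the string is non-constant), but
        // the only thing that varies is one of the three literals above.
        return c.prepareStatement("SELECT name, email FROM users ORDER BY " + column);
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 on the classpath, giving an in-memory database.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement s = c.createStatement()) {
                // Constructed sample data for the demonstration.
                s.execute("CREATE TABLE users(name VARCHAR(64), email VARCHAR(128), created_at TIMESTAMP)");
                s.execute("INSERT INTO users VALUES ('alice', 'alice@example.com', CURRENT_TIMESTAMP)");
                s.execute("INSERT INTO users VALUES ('bob', 'bob@example.com', CURRENT_TIMESTAMP)");
            }
            // Constructed attacker input: closes the quoted literal and appends
            // an always-true predicate. In findEmailUnsafe the WHERE clause
            // becomes  name = 'nobody' OR '1'='1' ; in findEmailSafe the whole
            // string is compared against the name column as one value.
            String hostile = "nobody' OR '1'='1";
            System.out.println("unsafe: " + findEmailUnsafe(c, hostile));
            System.out.println("safe:   " + findEmailSafe(c, hostile));

            try (PreparedStatement ps = listUsersSortedBy(c, "email");
                 ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + " " + rs.getString(2));
                }
            }
        }
    }
}
```

The check to make before suppressing the warning is the one Paul asks: trace every value that ends up in the SQL string back to where it is produced. If any path starts at a client, a request parameter, a file or another system's output, bind it; if the varying part has to be an identifier, reduce it to an allow-list as in `listUsersSortedBy` and treat the remaining warning as a conscious, reviewed exception rather than noise.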