This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes JDBC and the fly likes General question regarding DBMS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "General question regarding DBMS" Watch "General question regarding DBMS" New topic
Author

General question regarding DBMS

Nelo Angelo
Ranch Hand

Joined: Jul 25, 2011
Posts: 44

Hello everyone,

while reading through the security guidelines, provided by OWASP, regarding SQL Injection Prevention, I came across "Escaping all User Supplied Input" (link). I don't have much knowledge regarding the general DBMS concepts so I couldn't understand its meaning. What does "escaping user input" actually mean in programming language or in DBMS ? A plain Google search gave results on how to do the "escaping" but not the definition of what it actually is.

So, please provide me the definition or any external link for this.


I love java but she hates me... :'(
Martin Vajsar
Sheriff

Joined: Aug 22, 2010
Posts: 3606
    
  60

I'd suggest trying Wikipedia first. It should be enough to introduce you into the problem.

I'd only like to emphasize you should always use bind variables to prevent SQL injection, that makes you 100% protected from this type of attacks. It is not very clear from that article. Don't concentrate on escaping very much, you really shouldn't ever need it. Only if you cannot use binds for some really serious and unavoidable reason (and I doubt it is ever the case), you'd need to do the escaping. It is actually very hard to get it 100% bulletproof.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: General question regarding DBMS
 
Similar Threads
escaping strings using Struts html:text tag
How to put clob in org.w3c.dom.Document
How do I recover the String
what are the other databases
Auto Complete in J2ME