How do we avoid SQL injection
Anil Verghese
Ranch Hand
Posts: 155
posted 16 years ago
Hi,
Are there tools to avoid SQL injection, or is there a way to prevent it from happening?
Regards
Anil
Ulf Dittmer
Rancher
Posts: 43081
77
posted 16 years ago
The http://faq.javaranch.com/java/SecurityFaq contains links to two articles about SQL injection.
The key is not to put parameters directly into queries. With straight JDBC, use PreparedStatement; with Hibernate, use the Query class and setParameter.
Pat Farrell
Rancher
Posts: 4803
7
posted 16 years ago
More generally, never trust anything that comes from a browser. You may think it's a browser, but it could be a program posing as a browser.
Even more generally, never trust anything from a user.
Don't get me started about those stupid light bulbs.