SQL injection

 
Luis Fernandes
Greenhorn
Posts: 19
Hello,

Can someone help me configure my app to prevent SQL injection?

What can I do in the ResultSet? Do I have to do something in my JTextField and JPasswordField?
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 36393
Luis,
SQL Injection refers to someone adding bad code to a statement. It has nothing to do with the resultset. By that point, it is too late.

The easiest way to prevent SQL injection is to always use prepared statements and make sure all values are supplied through bind variables as in:
field = ?
 
It is sorta covered in the JavaRanch Style Guide.