
sql injection in JDBC direct connection with mssql server

Sam Enric
Greenhorn
Posts: 4
Hi, I found tutorials with JDBC at This Android Login With JDBC site. Also, these tutorials are concatenating the query with variables. My question is this: is this a bad technique? I read that SQL injection is applicable to this type of query. Is that right? I am a newbie, waiting for the answer!
 
Brian Tkatch
Bartender
Posts: 567
If it isn't using placeholders, it's a bad technique.

Placeholders allow the statement to be processed without the data, and ultimately executed with the data. No chance to manipulate what the statement does.
 
Roel De Nijs
Sheriff
Posts: 10662
Hi Sam Enric,

First of all, a warm welcome to CodeRanch!

Sam Enric wrote: My question is this: is this a bad technique? I read that SQL injection is applicable to this type of query. Is that right?

Yes, the article is correct! When creating queries you should always use prepared statements. Using prepared statements has nothing but benefits:
  • no SQL injection attacks
  • you don't have to worry about character escaping (e.g. if your task name contains a quote, your current query will fail)
  • you might benefit from a performance advantage

More info about prepared statements can be found here.

Hope it helps!
Kind regards,
Roel
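To illustrate both points in Roel's answer (a task name containing a quote breaks the concatenated query, while a placeholder handles it), here is an added example against SQL Server via JDBC; it is not code from this thread or from the tutorial Sam linked. The JDBC URL, the `tasks` table and its `id`/`name` columns are assumptions, and the login and password are taken from the command line.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class TaskLookup {

    // Assumed connection string: adjust host, port and database name for your server.
    private static final String URL =
        "jdbc:sqlserver://localhost:1433;databaseName=TaskDb;encrypt=true;trustServerCertificate=true";

    // The pattern from the tutorial: user input is spliced into the SQL text.
    // A single quote in the value ends the string literal early, so the server
    // parses whatever follows as SQL instead of as data.
    static String unsafeQuery(String taskName) {
        return "SELECT id, name FROM tasks WHERE name = '" + taskName + "'";
    }

    // Same lookup with a placeholder: the statement text is compiled first and
    // the value is sent separately, so the value can never change what the
    // statement does and no escaping is required.
    static int countTasksSafe(Connection con, String taskName) throws SQLException {
        String sql = "SELECT COUNT(*) FROM tasks WHERE name = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, taskName);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String taskName = "Fix O'Brien's login";   // constructed input containing an apostrophe
        try (Connection con = DriverManager.getConnection(URL, args[0], args[1])) {
            try (Statement st = con.createStatement();
                 ResultSet rs = st.executeQuery(unsafeQuery(taskName))) {
                System.out.println("concatenated query ran");   // not expected for this input
            } catch (SQLException e) {
                System.out.println("concatenated query failed: " + e.getMessage());
            }
            System.out.println("prepared statement matched " + countTasksSafe(con, taskName));
        }
    }
}
```

Run it with `java -cp mssql-jdbc.jar:. TaskLookup <user> <password>`; the concatenated version reports a syntax error from the server, the prepared version returns a count.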
Sam Enric
Greenhorn
Posts: 4
Thanks a lot guys for the quick response, coderanch is too good!