Prevent SQL injection attacks in a Java program

by

You need to use PreparedStatement.
e.g.

String insert = "INSERT INTO customer(name,address,email) VALUES(?, ?, ?);";
PreparedStatement ps = connection.prepareStatement(insert);
ps.setString(1, name);
ps.setString(2, addre);
ps.setString(3, email);

ResultSet rs = ps.executeQuery();

This will prevent injection attacks.

The way the hacker puts it in there is if the String you are inserting has come from input somewhere – e.g. an input field on a web page, or an input field on a form in an application or similar.

More Related Contents:

  1. How do I get a result across 2 tables
  2. Hours and seconds are lost when storing a date in the database [closed]
  3. Multiple queries executed in java in single statement
  4. Java – escape string to prevent SQL injection
  5. How does a PreparedStatement avoid or prevent SQL injection?
  6. MySQL and JDBC with rewriteBatchedStatements=true
  7. “EEE MMM dd HH:mm:ss ZZZ yyyy” date format to java.sql.Date
  8. right syntax to use near ‘?’
  9. Running a .sql script using MySQL with JDBC
  10. LINQ for Java tool [closed]
  11. java.sql.SQLException: No suitable driver found for jdbc:mysql://localhost:3306/dbname [duplicate]
  12. How to prevent SQL Injection with JPA and Hibernate?
  13. How to use prepared statement for select query in Java?
  14. A datetime equivalent in java.sql ? (is there a java.sql.datetime ?)
  15. Hibernate Criteria API: get n random rows
  16. Getting last record from mysql
  17. MySQL query to get Records in Result set
  18. How do I get the size of a java.sql.ResultSet?
  19. What is the best approach using JDBC for parameterizing an IN clause? [duplicate]
  20. How to print a query string with parameter values when using Hibernate
  21. Java JDBC MySQL exception: “Operation not allowed after ResultSet closed”
  22. Convert BufferedInputStream into image [duplicate]
  23. How can I avoid ResultSet is closed exception in Java?
  24. Any Java libraries out there that validate SQL syntax? [closed]
  25. Hibernate Group by Criteria Object
  26. how to get list of Databases “Schema” names of MySql using java JDBC
  27. Is there a way to retrieve the autoincrement ID from a prepared statement
  28. Easiest way to convert a Blob into a byte array
  29. MyBatis executing multiple sql statements in one go, is that possible?
  30. A persistent connection with JDBC to MySQL

Leave a Comment