Linked Questions

41 votes
4 answers
44k views

I have read and tried to inject vulnerable SQL queries to my application. It is not safe enough. I am simply using the Statement Connection for database validations and other insertion operations. Is ...
0 votes
1 answer
3k views

I want to secure parameterized SQL query from SQL injections. I have gone through an article which described avoiding SQL injections using PreparedStatement. link According to the article it ...
0 votes
1 answer
529 views

If we pass 1=1 in an SQL query it will return all data as it becomes true for all conditions. String query = "select * from users where userId= 'abcd' or '1'='1'"; I was looking into ...
0 votes
1 answer
1k views

I am trying to make a to-do list using NetBeans-8.0.2 and JavaFX (FXMLApplication) that stores memory into MySQL database. I know that, SQL query takes inverted comma -> ( ' ) and double quotation ->...
0 votes
0 answers
120 views

I have come to know that prepared statements are not guaranteed to prevent SQL injection. How can SQL injection be done even using prepared statements?
251 votes
15 answers
295k views

The Prepared Statement is a slightly more powerful version of a Statement, and should always be at least as quick and easy to handle as a Statement. The Prepared Statement may be parametrized. Most ...
110 votes
5 answers
108k views

How do I use prepared statements in SQLite in Android?
6 votes
3 answers
16k views

I am executing a stored procedure via standard JDBC Connection using MS SQL Driver version 3.0. I have found that when I create and insert data into a temporary table the stored procedure doesn't ...
16 votes
4 answers
5k views

I want to allow users to query a database with some fairly flexible criteria. I could just use the following: String slqCmdTxt = "SELECT * FROM TheTable WHERE " + userExpression; However, I know ...
8 votes
2 answers
11k views

I am wondering what are the differences and when to use Statement, PreparedStatement, and CallableStatement. What is the best practice and typical scenario of using each of these?
2 votes
3 answers
8k views

I have a method whose return type is customer which is a pojo. When I get required customerId from database I want to return the customer object with the corresponding data of that customerId. This ...
2 votes
2 answers
3k views

So I am trying to extract information from a PostgreSQL Database. Below is the method which extracts the data : public ResultSet dashboardQuerySurveyWithSelectedActions(String startDate, ...
0 votes
2 answers
4k views

Are there best practices how to avoid SQL injection in case of Mule Applications? I guess the general guide-lines "how to avoid SQL injection" would work here as well... Primary Defenses: Option 1:...
0 votes
2 answers
16k views

Unable to compile JSP in NetBeans with GlassFish server 3.1.2; it is showing the following exception: org.apache.jasper.JasperException: PWC6033: Error in Javac compilation for JSP PWC6197: An error ...
0 votes
2 answers
5k views

I'm trying to get a SQL statement to select rows where a timestamp is between two given timestamps. Here is what I tried. (This is on a Java servlet, and I java timestamp objects SELECT * FROM dates ...