top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

How to prevent SQL Injection in Java Code?

+1 vote
496 views
How to prevent SQL Injection in Java Code?
posted Mar 10, 2016 by Abu Anam

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+2 votes

Use prepared statement in java like below code segment and this will sql injection.this code is not vulnerable to SQL Injection because it correctly uses parameterized queries .it utilizes Java's PreparedStatement class, bind variables and the corresponding setString methods, SQL Injection can be easily prevented.
See this example:

String insert = "INSERT INTO QueryHomeUserDetails(name,email,interest) VALUES(?, ?, ?);";    //to bind variables 
PreparedStatement preparedStatement = connection.prepareStatement(insert);
preparedStatement.setString(1, name);
preparedStatement.setString(2,email);
preparedStatement.setString(3,interest);
ResultSet resultSet = preparedStatement.executeQuery();
answer Mar 10, 2016 by Shivam Kumar Pandey
Similar Questions
+3 votes

Implement a code that counts the occurrences of each word in an input file and write the word along with corresponding count in an output file sorted by the words alphabetically.

Sample Input

Gaurav is  a Good Boy
Sita is a Good Girl
Tommy is  a Good Dog
Ram is a Good person

Sample Output

D:\>Java FileWordCount inputFile.txt outputFile.txt
    Boy : 1
    Dog : 1
    Gaurav : 1
    Girl : 1
    Good : 4
    Ram : 1
    Sita : 1
    Tommy : 1
    a : 4
    is : 4
    person : 1
...