How to prevent SQL Injection in Java Code?

Question

Implement a code that counts the occurrences of each word in an input file and write the word along with corresponding count in an output file sorted by the words alphabetically.

Sample Input

Gaurav is  a Good Boy
Sita is a Good Girl
Tommy is  a Good Dog
Ram is a Good person

Sample Output

D:\>Java FileWordCount inputFile.txt outputFile.txt
    Boy : 1
    Dog : 1
    Gaurav : 1
    Girl : 1
    Good : 4
    Ram : 1
    Sita : 1
    Tommy : 1
    a : 4
    is : 4
    person : 1

Answer 1

Use prepared statement in java like below code segment and this will sql injection.this code is not vulnerable to SQL Injection because it correctly uses parameterized queries .it utilizes Java's PreparedStatement class, bind variables and the corresponding setString methods, SQL Injection can be easily prevented.
See this example:

String insert = "INSERT INTO QueryHomeUserDetails(name,email,interest) VALUES(?, ?, ?);";    //to bind variables 
PreparedStatement preparedStatement = connection.prepareStatement(insert);
preparedStatement.setString(1, name);
preparedStatement.setString(2,email);
preparedStatement.setString(3,interest);
ResultSet resultSet = preparedStatement.executeQuery();