
How to prevent SQL injection in App Engine JDO

Please help..

How to prevent SQL injection at the time of JDO insertion?

My JDO class is MyData.java

package com.jdo;

import java.util.Date;
import javax.jdo.annotations.IdentityType;
import javax.jdo.annotations.PersistenceCapable;
import javax.jdo.annotations.Persistent;
import javax.jdo.annotations.PrimaryKey;

@PersistenceCapable(identityType = IdentityType.APPLICATION, detachable = "true")
public class MyData {
    @PrimaryKey
    @Persistent
    private String id;

    @Persistent
    private String name;

    @Persistent
    private String address;

    @Persistent
    private Date addedDate;

    /**
     * @param id      application-assigned primary key
     * @param name    display name
     * @param address postal address
     */
    public MyData(String id, String name, String address) {
        super();
        this.id = id;
        this.name = name;
        this.address = address;
        this.addedDate = new Date();
    }

    /** @return id */
    public String getId() {
        return this.id;
    }

    /** @return name */
    public String getName() {
        return this.name;
    }

    /** @return address */
    public String getAddress() {
        return this.address;
    }

    /** @return addedDate */
    public Date getAddedDate() {
        return this.addedDate;
    }

    /** @param id new primary key value */
    public void setId(String id) {
        this.id = id;
    }

    /** @param name new name */
    public void setName(String name) {
        this.name = name;
    }

    /** @param address new address */
    public void setAddress(String address) {
        this.address = address;
    }

    /** @param addedDate new creation timestamp */
    public void setAddedDate(Date addedDate) {
        this.addedDate = addedDate;
    }
}

And I tried to insert using

MyData user = new MyData("id001", "Shana", "Address");
user = MyDataDAO.saveData(user);

It is saving in the table successfully.. But I need to prevent it from SQL injection... Please help?

SQL injection occurs when you create queries by concatenating strings of plain text with strings of SQL.

You don't need to worry if

  1. You're creating queries using prepared statements (which properly quote all values under the hood, including untrusted ones), or
  2. You're using a good ORM which creates the queries by plugging object fields into a prepared statement or is careful to escape data values properly when serializing messages to the datastore.

The code above looks like it falls into category 2.
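As an added illustration of the distinction the answer draws (this is not code from the question or the answer, nor App Engine's own code), the class below assumes the MyData entity from the question and a PersistenceManagerFactory named `transactions-optional`, the name used in the standard App Engine JDO configuration. The `save` method mirrors the insertion in the question: `makePersistent` serializes the object's fields itself, no query text is built, so there is nothing to inject into. The two lookup methods contrast a JDOQL filter assembled by string concatenation, the JDO analogue of concatenating SQL, with the parameterized form, where the value is bound by the JDO runtime and never interpreted as part of the query. The Datastore is not SQL, but a concatenated JDOQL filter still lets untrusted input change the meaning of the query, so the same rule applies.

```java
package com.jdo;

import java.util.ArrayList;
import java.util.List;
import javax.jdo.JDOHelper;
import javax.jdo.PersistenceManager;
import javax.jdo.PersistenceManagerFactory;
import javax.jdo.Query;

// Added example class; MyData is the entity from the question.
public final class MyDataQueries {

    // Assumed configuration name, as in the standard App Engine jdoconfig.xml.
    private static final PersistenceManagerFactory PMF =
            JDOHelper.getPersistenceManagerFactory("transactions-optional");

    private MyDataQueries() {
    }

    // Insertion: the ORM serializes the object's fields itself. No query text
    // is built from user input, so there is no injection surface here.
    public static MyData save(MyData data) {
        PersistenceManager pm = PMF.getPersistenceManager();
        try {
            return pm.makePersistent(data);
        } finally {
            pm.close();
        }
    }

    // UNSAFE pattern: the untrusted value becomes part of the JDOQL filter
    // text, so a quote character in it alters the structure of the filter
    // instead of being compared as data. Kept only to show what to avoid.
    public static List<MyData> findByNameUnsafe(String untrustedName) {
        PersistenceManager pm = PMF.getPersistenceManager();
        try {
            Query q = pm.newQuery(MyData.class);
            q.setFilter("name == '" + untrustedName + "'");
            @SuppressWarnings("unchecked")
            List<MyData> results = (List<MyData>) q.execute();
            // Detach before closing the manager so the caller can use the objects.
            return new ArrayList<MyData>(pm.detachCopyAll(results));
        } finally {
            pm.close();
        }
    }

    // SAFE pattern: the filter names a parameter, its type is declared, and
    // the value is handed to execute(), so the runtime binds it as data.
    // Whatever the input contains, it can only ever be compared against the
    // name field; it cannot change the shape of the query.
    public static List<MyData> findByName(String untrustedName) {
        PersistenceManager pm = PMF.getPersistenceManager();
        try {
            Query q = pm.newQuery(MyData.class);
            q.setFilter("name == nameParam");
            q.declareParameters("String nameParam");
            @SuppressWarnings("unchecked")
            List<MyData> results = (List<MyData>) q.execute(untrustedName);
            return new ArrayList<MyData>(pm.detachCopyAll(results));
        } finally {
            pm.close();
        }
    }
}
```

The rule of thumb the answer gives carries over directly: let the ORM (`makePersistent`) or a declared parameter (`declareParameters` plus `execute(value)`) carry user-supplied values, and never splice them into the filter string.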
