
How to prevent my website from SQL injection? Struts

How do I prevent SQL injection on my website?

I am working with Struts 2, and the DB is MySQL.

The best way, I think, is to not reinvent the wheel and to use the tools already available. For a small project I would recommend simply using prepared statements when querying your database.

http://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html

You could also look into using an ORM like Hibernate. But make sure to use it as intended. Even HQL can be susceptible to injection. See: how much safe from SQL-Injection if using hibernate

The important thing is to not write your own native queries by concatenating query strings with values from untrusted sources.
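An added example, not part of the original answer, of the prepared-statement approach in plain JDBC, including the one case placeholders do not cover (a caller-chosen sort column). The class name `UserDao`, the `users` table and its `username`, `email` and `role` columns are hypothetical; it assumes Java 9+ and a JDBC driver such as MySQL Connector/J on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class UserDao {
    // Column names cannot be bound as ? parameters, so a sort column is
    // accepted only if it appears in this fixed allow-list.
    private static final Set<String> SORTABLE = Set.of("username", "email");

    private final Connection conn;

    public UserDao(Connection conn) { this.conn = conn; }

    // The pattern to avoid builds the statement from input, for example:
    //   "SELECT email FROM users WHERE role = '" + role + "'"
    // Here the SQL text is fixed and the value is bound separately.
    public List<String> emailsByRole(String role, String sortColumn) throws SQLException {
        if (!SORTABLE.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        String sql = "SELECT email FROM users WHERE role = ? ORDER BY " + sortColumn;
        List<String> emails = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, role); // bound as a value by the driver, not spliced in by our code
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    emails.add(rs.getString("email"));
                }
            }
        }
        return emails;
    }

    // Usage: java UserDao <jdbc-url> <db-user> <db-password>
    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection(args[0], args[1], args[2])) {
            UserDao dao = new UserDao(c);
            // Constructed input containing a quote: it is matched literally as a role name.
            System.out.println(dao.emailsByRole("admin' OR '1'='1", "email"));
            System.out.println(dao.emailsByRole("admin", "username"));
        }
    }
}
```

In a Struts 2 action, the request parameters populated on the action would be passed to a method like `emailsByRole` unchanged; the binding, not input filtering, is what keeps them out of the SQL text.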
