
How to prevent SQL injection In App Engine JDO

Please Help..

How to prevent SQL Injection at the Time of JDO INSERTION?

My JDO class is MyData.Java

package com.jdo;

import java.util.Date;
import javax.jdo.annotations.IdentityType;
import javax.jdo.annotations.PersistenceCapable;
import javax.jdo.annotations.Persistent;
import javax.jdo.annotations.PrimaryKey;

/**
 * JDO entity persisted to the App Engine datastore. Field values are
 * written as entity properties by the PersistenceManager; they are never
 * spliced into query text.
 */
@PersistenceCapable(identityType = IdentityType.APPLICATION, detachable = "true")
public class MyData {
    @PrimaryKey
    @Persistent
    private String id;

    @Persistent
    private String name;

    @Persistent
    private String address;

    @Persistent
    private Date addedDate;

    /**
     * @param id      application-assigned primary key
     * @param name    display name
     * @param address postal address
     */
    public MyData(String id, String name, String address) {
        this.id = id;
        this.name = name;
        this.address = address;
        this.addedDate = new Date();
    }

    /** @return id */
    public String getId() {
        return this.id;
    }

    /** @return name */
    public String getName() {
        return this.name;
    }

    /** @return address */
    public String getAddress() {
        return this.address;
    }

    /** @return addedDate */
    public Date getAddedDate() {
        return this.addedDate;
    }

    /** @param id the new primary key value */
    public void setId(String id) {
        this.id = id;
    }

    /** @param name the new name */
    public void setName(String name) {
        this.name = name;
    }

    /** @param address the new address */
    public void setAddress(String address) {
        this.address = address;
    }

    /** @param addedDate the new creation timestamp */
    public void setAddedDate(Date addedDate) {
        this.addedDate = addedDate;
    }
}

And I tried to insert using

MyData user=new MyData ("id001","Shana","Address");                 
user=MyDataDAO.saveData(user);

It is saving to the table successfully, but I need to prevent SQL injection. Please help?

SQL injection occurs when you create queries by concatenating strings of plain text with strings of SQL.

You don't need to worry if

  1. You're creating queries using prepared statements (which properly quote all values under the hood, including untrusted ones), or
  2. You're using a good ORM which creates the queries by plugging object fields into a prepared statement or is careful to escape data values properly when serializing messages to the datastore.

The code above looks like it falls into category 2.
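To make the answer's two categories concrete for JDO, here is an added example (not from the question or answer) that contrasts a JDOQL filter built by string concatenation with one that binds the value as a declared parameter, using the asker's MyData class; the class name MyDataFinder and the parameter name nameParam are assumptions for illustration.

```java
import java.util.List;
import javax.jdo.PersistenceManager;
import javax.jdo.Query;

public class MyDataFinder {

    // Unsafe pattern: the caller-supplied value becomes part of the query
    // text, so a value containing a quote can change the filter's meaning.
    // Shown only to contrast with the parameterised form below.
    @SuppressWarnings("unchecked")
    public static List<MyData> findByNameConcatenated(PersistenceManager pm, String name) {
        Query q = pm.newQuery(MyData.class);
        q.setFilter("name == \"" + name + "\"");
        try {
            return (List<MyData>) q.execute();
        } finally {
            q.closeAll();
        }
    }

    // Safe pattern: the filter references a declared parameter and the value
    // is bound at execution time, so JDO passes it to the datastore as data
    // rather than as query text (the JDO equivalent of a prepared statement).
    @SuppressWarnings("unchecked")
    public static List<MyData> findByName(PersistenceManager pm, String name) {
        Query q = pm.newQuery(MyData.class);
        q.setFilter("name == nameParam");
        q.declareParameters("String nameParam");
        try {
            return (List<MyData>) q.execute(name);
        } finally {
            q.closeAll();
        }
    }

    // Insertion needs no query text at all: makePersistent() stores each
    // field as an entity property, which is why the asker's saveData() path
    // is the answer's category 2.
    public static MyData save(PersistenceManager pm, MyData data) {
        return pm.makePersistent(data);
    }
}
```

Whatever filter the datastore accepts, the rule is the same: untrusted input goes through declareParameters()/execute(), never into the string handed to setFilter().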
