
What is a better way to check for SQL injection in field names and table names in JdbcTemplate.batchUpdate?

In the insert query I use a SEQUENCE, and because of this I refused to use SimpleJdbcInsert....executeBatch(data);

import java.util.ArrayList;
import java.util.List;

// schema, tableName, fieldName1 and fieldName2 are concatenated into the SQL text;
// only the row values are bound through the '?' placeholders
String sql = "INSERT INTO "+ schema +"."+ tableName +" (id, " + fieldName1 + ", " + fieldName2 + ") VALUES (BUF_SEQ.nextval, ?, ?)";
List<Object[]> recordValues = new ArrayList<Object[]>();
//... add values of records to recordValues list

// run batch update for insert
jdbcTemplate.batchUpdate(sql, recordValues);

Maybe someone can suggest a better way to use Spring Framework JDBC to insert a large number of records, and to test the field names for SQL injection?

1) Instead of calling the sequence in your insert query, create a trigger on the id column of the table for insert. Take ref: How to create id with AUTO_INCREMENT on Oracle?
2) Now use Spring's batch update to do bulk insertion, i.e. jdbcTemplate.batchUpdate.
In your insert query you no longer need to define id; every time you make an insertion on the table, the trigger will be fired and the id will be incremented.
3) Use a PreparedStatement for the insert query in order to avoid SQL injection.
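A prepared statement protects the row values but not the schema, table and column names, which the question concatenates into the SQL text. The following is an added example, not code from the question or the answer above: it validates each identifier against a strict syntax pattern and an allowlist before building the INSERT, and still binds the row values as parameters. The class name, the allowlisted identifiers (APP, BUF_TABLE, NAME, EMAIL) and the 30-character identifier limit are assumptions.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;
import org.springframework.jdbc.core.JdbcTemplate;

public final class SafeBatchInsert {
    // Identifiers cannot be bound as '?' parameters, so each one is validated
    // against a strict syntax pattern and an allowlist before concatenation.
    private static final Pattern IDENT = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,29}");
    // Assumed allowlists; in practice load them from configuration or DB metadata.
    private static final Set<String> ALLOWED_SCHEMAS = Set.of("APP");
    private static final Set<String> ALLOWED_TABLES = Set.of("BUF_TABLE");
    private static final Set<String> ALLOWED_COLUMNS = Set.of("NAME", "EMAIL");

    // Returns the normalized identifier, or throws if it is malformed or not
    // on the allowlist. The raw input is never echoed into the SQL text.
    static String safeIdentifier(String ident, Set<String> allowed) {
        if (ident == null || !IDENT.matcher(ident).matches()) {
            throw new IllegalArgumentException("malformed SQL identifier");
        }
        String normalized = ident.toUpperCase(Locale.ROOT);
        if (!allowed.contains(normalized)) {
            throw new IllegalArgumentException("identifier not allowed: " + normalized);
        }
        return normalized;
    }

    // Builds the INSERT text from validated identifiers only; the row values
    // stay as '?' placeholders so the JDBC driver binds them as parameters.
    static String buildInsertSql(String schema, String table, String col1, String col2) {
        return "INSERT INTO " + safeIdentifier(schema, ALLOWED_SCHEMAS)
                + "." + safeIdentifier(table, ALLOWED_TABLES)
                + " (id, " + safeIdentifier(col1, ALLOWED_COLUMNS)
                + ", " + safeIdentifier(col2, ALLOWED_COLUMNS)
                + ") VALUES (BUF_SEQ.nextval, ?, ?)";
    }

    // Same batchUpdate(String, List<Object[]>) call as in the question,
    // but the SQL text can only ever contain allowlisted identifiers.
    static int[] insertBatch(JdbcTemplate jdbcTemplate, String schema, String table,
                             String col1, String col2, List<Object[]> rows) {
        return jdbcTemplate.batchUpdate(buildInsertSql(schema, table, col1, col2), rows);
    }
}
```

Calling buildInsertSql("app", "buf_table", "name", "email") yields the same statement as the question's string, while any identifier containing a quote, parenthesis, space or semicolon is rejected before the SQL is ever built.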
