How to prevent sql injection in JPA
Question
I am using below jpa code. How can we prevent below code from sql injections?
List<Document> docs= em.createQuery("SELECT c FROM Document c WHERE c.docId = :docId ", Document.class)
.setParameter("docId", docId).getResultList();
http://www.adam-bien.com/roller/abien/entry/preventing_injection_in_jpa_query
1 answers
solution1
1 2020-06-08 12:13:17
It already is protected against SQL injection. Your code is using parameters. Also if you want, you can use Criteria APIs to build the same query.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to prevent SQL Injection with JPA and Hibernate?
How to prevent SQL injection in native insert query with JPA?
how to prevent SQL Injection in JSP?
JPA SQL Injection
How does a PreparedStatement avoid or prevent SQL injection?
how to prevent sql injection attack in android?
How to prevent SQL injection In App Engine JDO
Prevent Sql Injection (Java)
Is this JPA query vulnerable to SQL injection?
Avoid SQL Injection in Spring JPA
Related Tags