Secure doGet parameter in Servlet

I'm doing a simple register form and I need to pass some parameters in the URL; however, I'm concerned about the security in Java. In PHP I used to use

mysql_escape_string

to make sure no special characters are passed to the variable. However, I'm not sure if that's needed in Java.

The question is: is it safe to use request.getAttribute(arg0) directly, or do I need to secure it using some special method?

There is an answer to that question in "Java - escape string to prevent SQL injection".

I believe that the best thing to do is not to encode your command as a string, but to use a PreparedStatement and set the parameter using its methods, like SetInteger, SetBoolean and so on.
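
The approach from the answer above, as an added example that is not part of the original posts: a servlet doGet that reads query-string values with request.getParameter (the call that returns URL parameters), validates them, and binds them through PreparedStatement setters instead of escaping. The servlet class, the URL pattern, the JNDI name jdbc/appDb, the users table and its columns, and the use of the javax.servlet API are all assumptions.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.annotation.Resource;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Hypothetical servlet: URL pattern, JNDI name, table and column names are assumptions.
@WebServlet("/register")
public class RegisterServlet extends HttpServlet {
    @Resource(name = "jdbc/appDb") // container-managed connection pool (assumed name)
    private DataSource dataSource;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Query-string values are untrusted input; getParameter returns null if absent.
        String username = request.getParameter("username");
        String ageRaw = request.getParameter("age");
        // Allow-list validation: reject anything outside the expected shape.
        if (username == null || ageRaw == null
                || !username.matches("[A-Za-z0-9_]{3,32}") || !ageRaw.matches("[0-9]{1,3}")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid parameters");
            return;
        }
        int age = Integer.parseInt(ageRaw); // cannot throw: one to three digits only

        // The SQL text is a constant; values are bound as data, never concatenated.
        String sql = "INSERT INTO users (username, age) VALUES (?, ?)";
        try (Connection conn = dataSource.getConnection();
             PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, username); // first placeholder
            stmt.setInt(2, age);         // second placeholder, typed as an integer
            stmt.executeUpdate();
            response.setContentType("text/plain");
            response.getWriter().println("registered");
        } catch (SQLException e) {
            log("registration failed", e); // details go to the server log, not the client
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

Binding the values keeps them out of the SQL grammar regardless of which characters they contain, so no escaping function is involved; the validation step only narrows what the application accepts.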
