From the course: Secure Coding in Java

Prevent SQL injection - Java Tutorial

- We're going to spend a considerable amount of time talking about SQL injection and how to prevent it. This attack vector continues to be a major issue across the industry, but it's rather easily mitigated, especially in Java. The situation that causes SQL injection is very straightforward. You start with a SQL statement that accepts at least one variable. This can be as simple as a WHERE clause variable or a VALUES clause variable, for instance. The SQL statement, when created in code, must leverage string concatenation or formatting to insert the input into the SQL statement. Malicious input can then be entered into the system, which repurposes the SQL statement itself. The simplest example on a string variable is to add an OR clause to your input, and then a statement that will always return true. This will return all data from the table in an injectable code path, based on the other WHERE clauses that are…