Hi George,
ORMs like Hibernate/JPA/Cayenne take care of SQL injection by using prepared statements. If you use
raw JDBC you should use prepared statements as well.
See the defense strategies mentioned here:
http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java
kind regards
bob
On 29/03/2010 12:30 AM, georgex wrote:
How sure is Click against SQL injections?
I mean a typical Click application like Click-Examples - but without Spring
(where the average programmer doesn't add an extra layer of checking - but
it's using Click as default).
Thanks,
George.