Proxy wrote:
> PreparedStatement ps = conn.prepareStatement(
> "SELECT user, pass FROM usuarios WHERE user = \"" + user1 + "\" AND " +
> "pass = \"" + pass + "\""
> );

Using a PreparedStatement is one thing, but not using its features is another. You can still do SQL injections here, allowing you to log in without knowing a username or password.

As Alvin said, the error message you get would help to say more.

Regards, Lothar
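
The difference the reply points at, as an added example that is not part of the original thread: the quoted concatenation beside the same query written with `?` placeholders and `setString`. The class and method names (`LoginQuery`, `concatenated`, `credentialsMatch`) are made up for illustration, and `credentialsMatch` assumes the caller supplies an open JDBC `Connection`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginQuery {
    // Statement text is a constant: the two values travel as bind parameters.
    static final String SAFE_SQL =
        "SELECT user, pass FROM usuarios WHERE user = ? AND pass = ?";

    // The pattern from the quoted post: values are spliced into the SQL text.
    static String concatenated(String user1, String pass) {
        return "SELECT user, pass FROM usuarios WHERE user = \"" + user1 + "\" AND "
             + "pass = \"" + pass + "\"";
    }

    // Hardened lookup (hypothetical helper): the driver sends user1/pass as data,
    // so quote characters inside them are never parsed as SQL.
    static boolean credentialsMatch(Connection conn, String user1, String pass)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SAFE_SQL)) {
            ps.setString(1, user1);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // true only if a row matches both values
            }
        }
    }

    public static void main(String[] args) {
        // Constructed input: a value containing the quote character used in the SQL text.
        String user1 = "ann\"x";
        String pass = "secret";
        // Concatenation: the embedded quote closes the string literal early, so the
        // shape of the statement now depends on what the user typed.
        System.out.println(concatenated(user1, pass));
        // Placeholders: the text given to prepareStatement() is the same for every input.
        System.out.println(SAFE_SQL);
    }
}
```

Running `main` needs no database; it only prints the two statement texts so the change in the concatenated one is visible.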
