The thing is that I get no error whatsoever, I just get a message from the hosted mode:
[INFO] 200 - POST /votaciones/MySQLConnection (127.0.0.1) 14 bytes Which since it's 200 means it went ok... and yes I know about the injection but since it's still something I'm doing locally I won't get into that until I get it to work xD haha...=/ On Oct 21, 8:31 am, Lothar Kimmeringer <j...@kimmeringer.de> wrote: > Proxy schrieb: > > > PreparedStatement ps = conn.prepareStatement( > > "SELECT user, pass FROM usuarios WHERE user = \"" + user1 + "\" AND " + > > "pass = \"" + pass + "\"" > > ); > > Using a PreparedStatement is one thing but not using its features > is another. You still can do SQL-injections here allowing you to > login without knowing a username or password. > > As Alvin said, the error-message you get would help to say more. > > Regards, Lothar --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
