Re: Antwort: [OT] Re: far reaching db question

2003-10-29 Thread Kwok Peng Tuck
I guess depending on the driver for the db, it would know what to do to escape the quotes. Hmm, shouldn't prepare.executeQuery(sql); be this instead: prepare.executeUpdate(sql); ? Anyway Manuel, what error are you getting? Manuel Lenz wrote: How do preparedSt

Re: Antwort: [OT] Re: far reaching db question

2003-10-28 Thread David Graham
--- Manuel Lenz <[EMAIL PROTECTED]> wrote: > How do preparedStatements handle single quotes and other injection > attacks? This is JDBC driver dependent. Each database might handle single quote escaping differently; however, doubling them with another single quote seems to be common. > I chang

Antwort: RE: Antwort: [OT] Re: far reaching db question

2003-10-28 Thread Manuel Lenz
How can I do that? "Navjot Singh" <[EMAIL PROTECTED]> 28.10.2003 12:32 Please reply to "Struts Users Mailing List" To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Cc: Subject: RE: Antwort: [OT] Re: far reachin

RE: Antwort: [OT] Re: far reaching db question

2003-10-28 Thread Navjot Singh
you should escape your sql data values for mischievous chars like single quotes etc. >-Original Message- >From: Manuel Lenz [mailto:[EMAIL PROTECTED] >Sent: Tuesday, October 28, 2003 4:33 PM >To: Struts Users Mailing List >Subject: Antwort: [OT] Re: far reaching db quest

Antwort: [OT] Re: far reaching db question

2003-10-28 Thread Manuel Lenz
How do preparedStatements handle single quotes and other injection attacks? I changed my db-connection from a normal statement-coding into prepared statements. But the error is still the same. Here is my test-coding: Connection conn = null; PreparedStatement prepare = null;