String sql =
"Select foo from bar where fred='" + request.getParameter("ick") + "'";
Always use prepared statements or helper methods to encode SQL, and then no valve is needed.
-Tim
webmaster wrote:
Hi all,
Where can I find a valve that filters bad input data? I'm pretty sure I saw it someplace, but I can't remember.
Thanks
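The prepared-statement form of the query quoted at the top of the reply, as an added example (not code from the original thread). The class name FooLookup, the method findFoo and the JDBC URL argument are assumptions; the table and column names are the ones in the quoted query, and the ick argument stands in for request.getParameter("ick").

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class FooLookup {  // hypothetical class name

    // The SQL text is a constant; the request value is bound as data.
    private static final String QUERY = "SELECT foo FROM bar WHERE fred = ?";

    /** Returns every foo whose fred column equals the raw request value. */
    static List<String> findFoo(Connection conn, String ick) throws SQLException {
        List<String> out = new ArrayList<>();
        if (ick == null) {
            // getParameter() returns null when the parameter is absent.
            return out;
        }
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            // Quotes inside ick stay part of the value, never part of the SQL.
            ps.setString(1, ick);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    out.add(rs.getString("foo"));
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of a database holding table bar(foo, fred) (assumed).
        // args[1]: the value that would come from request.getParameter("ick").
        if (args.length != 2) {
            System.err.println("usage: FooLookup <jdbc-url> <ick>");
            return;
        }
        try (Connection conn = DriverManager.getConnection(args[0])) {
            // A constructed value such as O'Brien is matched literally here,
            // where the concatenated form would produce malformed SQL.
            for (String foo : findFoo(conn, args[1])) {
                System.out.println(foo);
            }
        }
    }
}
```

Running it requires a JDBC driver for the target database on the classpath.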
