Hi,

Yes, Ignite prevents SQL injection.

Also, I think PreparedStatement is not about preventing you from SQL injection. PreparedStatement is about compiling a query so that it can be efficiently re-used if executed multiple times. What prevents SQL injection is binding parameters instead of concatenating them and making them part of the SQL. If you check IgniteH2Indexing.preparedStatementWithParams() you would find that this is exactly what Ignite does - it binds parameters to the statement.

On Mon, Aug 21, 2017 at 10:18 AM, kotamrajuyashasvi <[email protected]> wrote:

> Hi
>
> Using PreparedStatement of JDBC we can avoid/prevent SQL injection. Does
> *SqlFieldsQuery.setArgs(..)* in Ignite also have the same functionality to
> prevent SQL injection, or are there any other ways to prevent SQL injection
> in Ignite?
>
> --
> View this message in context: http://apache-ignite-users.70518.x6.nabble.com/sql-Injection-prevention-in-ignite-tp16321.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.

--
Best regards,
Alexey
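
The difference between binding and concatenating, as an added example that is not part of either message above and is not Ignite project code. It assumes a recent Ignite 2.x with `ignite-core` and `ignite-indexing` on the classpath; the class name, cache name, `users` table and sample input are constructed for illustration.

```java
import java.util.List;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCache;
import org.apache.ignite.Ignition;
import org.apache.ignite.cache.query.SqlFieldsQuery;
import org.apache.ignite.configuration.CacheConfiguration;

public class SetArgsBindingExample {
    // Run one statement in the PUBLIC schema; args are bound to '?' placeholders.
    static List<List<?>> run(IgniteCache<?, ?> cache, String sql, Object... args) {
        return cache.query(new SqlFieldsQuery(sql).setSchema("PUBLIC").setArgs(args)).getAll();
    }

    public static void main(String[] unused) {
        // Starts an embedded node with the default configuration.
        try (Ignite ignite = Ignition.start()) {
            // The cache is only an entry point for issuing SQL (hypothetical name).
            IgniteCache<Object, Object> cache =
                ignite.getOrCreateCache(new CacheConfiguration<Object, Object>("sqlEntry"));

            run(cache, "CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR)");
            run(cache, "INSERT INTO users (id, name) VALUES (?, ?)", 1, "alice");
            run(cache, "INSERT INTO users (id, name) VALUES (?, ?)", 2, "bob");

            // Constructed untrusted input containing a quote and SQL syntax.
            String input = "nobody' OR '1'='1";

            // Concatenation: the input is parsed as part of the SQL text, so the
            // quote closes the literal and the rest changes the WHERE predicate.
            List<List<?>> concatenated =
                run(cache, "SELECT id, name FROM users WHERE name = '" + input + "'");

            // Binding via setArgs: the SQL text is fixed and the input is compared
            // as a single string value, quote included.
            List<List<?>> bound =
                run(cache, "SELECT id, name FROM users WHERE name = ?", input);

            System.out.println("concatenated query rows: " + concatenated);
            System.out.println("bound query rows:        " + bound);
        }
    }
}
```

Comparing the two printed row lists shows whether the input was interpreted as SQL or as data.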
