Hi,

I am not sure whether this is the right forum, but I have one question on parameterized queries. As per my knowledge, to prevent (or minimize) SQL injection attacks we should use parameterized queries.

We are using JPA named queries, which are parameterized. My question is: since we are using parameterized queries, am I safe from SQL injection, or do I need to define validation to escape special characters to prevent SQL injection? I have also read that most database vendors check escaping before executing a query. Can somebody help me understand?

Thanks,
Chintan

--
View this message in context: http://openjpa.208410.n2.nabble.com/JPA-Parameterized-query-SQL-Injection-tp6404249p6404249.html
Sent from the OpenJPA Users mailing list archive at Nabble.com.
