Welcome to Dream.In.Code
About SQL Injection

About SQL Injection, how to manage SQL injection

ganeshjava007
30 Aug, 2008 - 05:47 AM
Post #1

Hello friends!
Help me to know how to prevent SQL Injection and HTTP Response Splitting,
with a few examples.

KYA
RE: About SQL Injection
30 Aug, 2008 - 06:44 AM
Post #2

There's a video tutorial up about SQL injection; look on the home page listing.

pbl
RE: About SQL Injection
30 Aug, 2008 - 09:37 PM
Post #3

QUOTE(ganeshjava007 @ 30 Aug, 2008 - 06:47 AM)

Hello friends!
Help me to know how to prevent SQL Injection and HTTP Response Splitting,
with a few examples.

This is the sys admin's or DB manager's job, not yours as a Java programmer, or you are in the wrong forum.

fsloke
RE: About SQL Injection
31 Aug, 2008 - 07:26 AM
Post #4

pbl, this is also Java coding. Java code is the front-end protection; the DB is the back-end protection.

If we can manage to protect our system on both the front end and the back end, it is an ideal system.

Hi ganeshjava007, here is your answer:

When you want to access the database, use

PreparedStatement .... [ SQL injection prevention ]

You can find a lot of tutorials on the internet.

Please don't use the Statement library...

Thanks

-fsloke

1lacca
RE: About SQL Injection
1 Sep, 2008 - 01:25 AM
Post #5

QUOTE(pbl @ 31 Aug, 2008 - 07:37 AM)

QUOTE(ganeshjava007 @ 30 Aug, 2008 - 06:47 AM)

Hello friends!
Help me to know how to prevent SQL Injection and HTTP Response Splitting,
with a few examples.

This is the sys admin's or DB manager's job, not yours as a Java programmer, or you are in the wrong forum.


Absolutely not, this is exactly why I stressed the usage of PreparedStatement in the other thread! If you concatenate parameters into SQL statements, you create security holes that no sys admin or db manager can fix at the DB or OS level - well, they can delete your application, but probably that is not what you are looking for. It is a programming question, and it was posted at the right place.
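A worked example of the point fsloke (post #4) and 1lacca (post #5) are making: building the SQL text by concatenating user input, as with JDBC's Statement, versus binding the values to placeholders, as with PreparedStatement. This is an added example and not code from any post in the thread. It is written in Python against the standard-library sqlite3 module so that it runs stand-alone without a JDBC driver; the `?` placeholders play the same role as `PreparedStatement.setString(...)` in Java. The users table, its two rows and the two attacker inputs are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample schema: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, "
        "username TEXT NOT NULL, password TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_concat(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: the Statement-style pattern the thread warns against.

    The input is pasted into the SQL text, so a quote character in the
    input changes the structure of the query instead of being compared
    as a value.
    """
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_prepared(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Safe: the PreparedStatement pattern.

    The SQL text is fixed; the driver sends the values separately and the
    database only ever compares them as data, quotes included.
    """
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed attacker inputs (username, password).
PAYLOADS = {
    # Concatenated: ... AND password = '' OR '1'='1'  -> always true
    "tautology": ("alice", "' OR '1'='1"),
    # Concatenated: ... username = 'alice'--' AND ...  -> rest is a comment
    "comment": ("alice'--", "wrong"),
}


def compare(conn: sqlite3.Connection) -> dict:
    """Run each payload through both routines.

    Returns {payload name: (concat_login_succeeded, prepared_login_succeeded)}.
    """
    return {
        name: (login_concat(conn, u, p), login_prepared(conn, u, p))
        for name, (u, p) in PAYLOADS.items()
    }


if __name__ == "__main__":
    db = build_db()
    for name, (concat_ok, prepared_ok) in compare(db).items():
        print(f"{name:10s} concat login={concat_ok!s:5} prepared login={prepared_ok}")
```

Both payloads log in as alice through `login_concat` without knowing the password and are rejected by `login_prepared`. One caveat: placeholders bind values only. If a table name, column name or ORDER BY clause has to come from user input, a prepared statement cannot parameterise it, and that piece must be checked against a fixed allowlist before it goes into the SQL text.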

Byapti
RE: About SQL Injection
1 Sep, 2008 - 11:10 PM
Post #6

Hi,

I think the “Testing For SQL Injections” article on http://www.stickyminds.com/sitewide.asp?Fu...mail&iDyn=2
may be helpful in this discussion.

This popular white paper is written by a software engineer from our organization Mindfire Solutions ( http://www.mindfiresolutions.com ).

I hope you find it useful!

Cheers,
Byapti

pbl
RE: About SQL Injection
2 Sep, 2008 - 04:28 PM
Post #7

QUOTE(1lacca @ 1 Sep, 2008 - 02:25 AM)

Absolutely not, this is exactly why I stressed the usage of PreparedStatement in the other thread! If you concatenate parameters into SQL statements, you create security holes that no sys admin or db manager can fix at the DB or OS level - well, they can delete your application, but probably that is not what you are looking for. It is a programming question, and it was posted at the right place.


Oops!!! The PreparedStatement one is so obvious I never thought that a programmer would write a program letting user input be executed as an SQL statement.

In that case, Lacca, you are absolutely right: programmers are on the front line.

This post has been edited by pbl: 3 Sep, 2008 - 02:54 AM

1lacca
RE: About SQL Injection
3 Sep, 2008 - 01:42 AM
Post #8

LOL.
I am sorry, it is nothing personal, but I simply could not resist.
