
Prevent SQL injection attacks in a Java program

I have to add a statement to my Java program to update a database table:

I heard that this can be exploited through an SQL injection like:

My program has a Java GUI and all name, address and email values are retrieved from JTextFields. I want to know how the following code (DROP TABLE customer;) could be added to my insert statement by a hacker and how I can prevent this.


Answer

You need to use PreparedStatement. e.g.

This will prevent injection attacks.

The way the hacker puts it in there is if the String you are inserting has come from input somewhere – e.g. an input field on a web page, or an input field on a form in an application or similar.
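The following is an added example, not code from the question or the answer above. It puts the concatenated INSERT the question describes beside the PreparedStatement version the answer recommends, and runs the prepared version against a throwaway database. It assumes an in-memory H2 database (`jdbc:h2:mem:`) with the H2 JDBC driver on the classpath; the table layout and the sample input values are constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class CustomerInsertExample {

    // Assumption: H2 in-memory database, driver available on the classpath.
    private static final String JDBC_URL = "jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1";

    // The vulnerable pattern from the question: the SQL text is assembled from
    // user input, so the input can change the structure of the statement.
    // Returned as a string for inspection only; it is never executed here.
    static String buildUnsafeSql(String name, String address, String email) {
        return "INSERT INTO customer (name, address, email) VALUES ('"
                + name + "', '" + address + "', '" + email + "')";
    }

    // The hardened version: the SQL text is fixed at compile time and the values
    // are bound as parameters. The driver never splices them into the query
    // text, so quotes or semicolons in a value are stored as data.
    static int insertCustomer(Connection conn, String name, String address, String email)
            throws SQLException {
        String sql = "INSERT INTO customer (name, address, email) VALUES (?, ?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, address);
            ps.setString(3, email);
            return ps.executeUpdate();
        }
    }

    // Reads follow the same rule: a bound parameter, not string concatenation.
    static String findAddressByName(Connection conn, String name) throws SQLException {
        String sql = "SELECT address FROM customer WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(JDBC_URL)) {
            try (Statement st = conn.createStatement()) {
                st.execute("CREATE TABLE customer ("
                        + "name VARCHAR(100), address VARCHAR(200), email VARCHAR(100))");
            }

            // Constructed sample input modelled on the question: the address
            // field carries the fragment the question is worried about.
            String hostileAddress = "1 Main St'); DROP TABLE customer; --";

            // With concatenation the fragment becomes part of the SQL text.
            System.out.println("Concatenated query text would be:");
            System.out.println("  " + buildUnsafeSql("Alice", hostileAddress, "alice@example.com"));

            // With a PreparedStatement it is just a column value.
            int rows = insertCustomer(conn, "Alice", hostileAddress, "alice@example.com");
            System.out.println("Rows inserted: " + rows);
            System.out.println("Stored address: " + findAddressByName(conn, "Alice"));

            // The table still exists and holds exactly the one row: the prepared
            // statement executed a single INSERT and nothing else.
            try (Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM customer")) {
                rs.next();
                System.out.println("customer rows: " + rs.getLong(1));
            }
        }
    }
}
```

Run it with the H2 jar on the classpath (`java -cp h2.jar:. CustomerInsertExample`). The design point is that `insertCustomer` contains no string building at all: the query shape is a constant, and the only thing a GUI field can influence is the value bound to a `?`. That holds for values taken from a JTextField exactly as it does for a web form, which is the input path the answer describes.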

User contributions licensed under: CC BY-SA