TechQA.

How to avoid SQL injection when a query is coming as a parameter of a method in Java?

91 views Asked by At 
public static RepositoryItem[] executeQuery(Repository repository, String query,Object[] params)
{
    RepositoryItem[] data = null;

    try {
        RepositoryView repositoryView = repository.getView(viewName);
        RqlStatement statement = RqlStatement.parseRqlStatement(query);
    }
}

The query is a parameterized query.

java sql-injection
Original Q&A
1

There are 1 answers

0
crowne On

Depending on which database your are using, you could define the SQL connection or DBConnectionPool using credentials of a user which has readonly access. Any statement which is unauthorized will be rejected by the DBMS.

Related Questions in JAVA

Related Questions in SQL-INJECTION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions