java - How does a PreparedStatement avoid or prevent SQL injection? -
I know how to avoid SQL injection made / how does this happen? Whether the final form query has been prepared that has been prepared using a string or otherwise?
The issue injection with SQL is that, a user input used as part of the SQL statement goes. By using the prepared statement you can force user input to control the contents of a parameter (and as part of the SQL command).
But if you use the user input as a parameter for your ready statement but instead of making strings together to create your SQL command, while using the prepared statement still for SQL injection Unsafe .
Comments
Post a Comment