java - How does a PreparedStatement avoid or prevent SQL injection? -


I know how to avoid SQL injection made / how does this happen? Whether the final form query has been prepared that has been prepared using a string or otherwise?

The issue injection with SQL is that, a user input used as part of the SQL statement goes. By using the prepared statement you can force user input to control the contents of a parameter (and as part of the SQL command).

But if you use the user input as a parameter for your ready statement but instead of making strings together to create your SQL command, while using the prepared statement still for SQL injection Unsafe .


Comments

Popular posts from this blog

MySql variables and php -

url rewriting - How to implement the returnurl like SO in PHP? -

Which Python client library should I use for CouchdB? -