Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Does Java have standard functions for security like in php htmlspecialchars, strip_tags? Or must I write my own functions? I want to be sure my script handles user data safely.
Not exactly.
Protection against injection attacks in Java comes “for free” provided that you do certain things the right way. For example:
Don’t create SQL by concatenating strings. Instead, create your SQL with placeholders, and compile / execute using JDBC
PreparedStatement.In JSPs, use
<c:out>to output any data that comes from the user. This automatically HTML escapes it to denature any potential injected nasties.