Example of SQL injection The following Java servlet code, used to perform a login

Question

0

Asked: May 23, 20262026-05-23T08:29:57+00:00 2026-05-23T08:29:57+00:00

Example of SQL injection The following Java servlet code, used to perform a login

0

Example of SQL injection

The following Java servlet code, used to perform a login function, illustrates the vulnerability by accepting user input without performing adequate input validation or escaping meta-characters:

String sql = "select * from user where username='" + username +"' and password='" + password + "'";
stmt = conn.createStatement();
rs = stmt.executeQuery(sql);
if (rs.next()) {
loggedIn = true;
    out.println("Successfully logged in");
} else {
    out.println("Username and/or password not recognized");
}

================

Now please tell me how can we modify this code , so that it is free from SQL Injection

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T08:29:57+00:00

Editorial Team

2026-05-23T08:29:57+00:00Added an answer on May 23, 2026 at 8:29 am

You need to use the PreparedStatement class and add parameters.

See the documentation.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Example of SQL injection The following Java servlet code, used to perform a login

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply