Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m doing a simple register form and I need to pass some parmeters in url, however I’m concerned about the security in java. in PHP I used to use
mysql_escape_string
To make sure no special characters is passed to the variable. however I’m not sure if thats needed in Java.
the question is : is it safe to use request.getAttribute(arg0) directly or do I need to secure it using some special method ?
There is an answer to that question in Java – escape string to prevent SQL injection.
I believe that the best thing to do is not to encode your command as a string, but to use a PreparedSatements and set the parameter using its methods, like SetInteger, SetBoolean as so on.