I’m using the playframework with version 1.2.5 and I have just a simple question.
If I use for example:
    public static User findByUsername(String username) {
        return User.find("username = ?", username).first();
    }
So if I perform this call, does the “JPAQuery find()” or the playframework prevent cross site scripting and such things?
If not, what can I easily do to prevent it in all my database interactions?
Thanks a lot.
Cheers,
Marco
Cross-site scripting does not quite apply to the code you posted, so I suppose you mean SQL injection. In that case, the code you posted should be safe. (The wrong way would be to build the query by concatenating Strings with the + operator.)

See here: http://www.playframework.org/documentation/1.2.5/security#sql
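The difference the answer describes, shown side by side as an added example (not code from the question, the answer, or the Play documentation). It assumes a Play 1.2.x `User` model with a public `username` field; the method names `findByUsernameUnsafe` and `findByUsernameShort` are hypothetical.

```java
package models;

import javax.persistence.Entity;
import play.db.jpa.Model;

@Entity
public class User extends Model {

    public String username;

    // UNSAFE (the "wrong way" from the answer): the input is pasted into the
    // JPQL text, so quote characters in it change the query's structure.
    // Constructed input  x' OR '1'='1  yields the query
    //   username = 'x' OR '1'='1'
    // which no longer filters on the username at all.
    public static User findByUsernameUnsafe(String username) {
        return User.find("username = '" + username + "'").first();
    }

    // SAFE (the form in the question): "?" is a positional placeholder.
    // The value is bound as a query parameter and is never parsed as JPQL,
    // so quotes in it are compared as literal characters.
    public static User findByUsername(String username) {
        return User.find("username = ?", username).first();
    }

    // SAFE: Play's simplified "byXxx" query syntax expands to the same
    // parameterized query as above.
    public static User findByUsernameShort(String username) {
        return User.find("byUsername", username).first();
    }
}
```

Parameter binding only covers values. If a query fragment such as an ORDER BY column has to come from request data, check it against a fixed list of allowed names instead of concatenating it.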