If you use JDBC prepared statements, you will not have to worry about SQL
injection.
Paul
On Fri, Mar 22, 2013 at 6:36 PM, J.V. wrote:
> Does anyone out there have a method I could use to pass a form field
> variable that would check for all known SQL injection vulnerabilities (with
>
Use Filter
On 3/22/2013 7:36 PM, J.V. wrote:
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of
SQL execution) and return a true/false if
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of SQL
execution) and return a true/false if it passes the test?
I have about 100+ forms
: user@struts.apache.org
> Subject: RE: SQL Injection
> Date: Thu, 18 Mar 2010 12:34:57 +
>
> Hello,
> As far as I know there is nothing in struts to prevent SQL injection. And
> that should be done at the database level, so it is not related to Struts.
>
> Also there is no s
Hello,
As far as I know there is nothing in struts to prevent SQL injection. And
that should be done at the database level, so it is not related to Struts.
Also there is no simple way of making parameters "sql injection safe". You
can take a look at
http://www.owasp.org
Hi,
Do we have any special technique in Struts for preventing SQL injection? I
know we can prevent it via parameterized queries, but my application design
does not permit so.
So can anyone here help me with this? I need a function to which, if I pass a
value, it becomes SQL injection safe.
Pl. help
f the following link:
> http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf
>
> Thx.
>
> Mike
>
>
> --- On Thu, 11/15/07, Antonio Petrelli <[EMAIL PROTECTED]> wrote:
>
> > From: Antonio Petrelli <[EMAIL PROTECTED]>
> > Subject: Re: Struts Val
), then you're not covered.
But if you use the placeholder and HQL or the Criteria APIs, then
you're covered.
Mike
--- On Thu, 11/15/07, Gary Affonso <[EMAIL PROTECTED]> wrote:
From: Gary Affonso <[EMAIL PROTECTED]>
Subject: Re: Struts Validator to Prevent SQL Injection Att
2007/11/15, Mike Duffy <[EMAIL PROTECTED]>:
> No matter where this is done, the basic problem is we have single quotes,
> double quotes, ampersands, semicolons, and parentheses in our data.
This may be off topic, but does it not suffice to use prepared
statements and parameters to avoid such attac
this way: you can always
create a query dynamically, with a variable number of parameters.
In the PDF you sent, there is this sentence:
SQL Statements using bind variables are generally immune to SQL
Injection attacks as the Oracle
database will use the value of the bind variable exclusively and n
: Struts Validator to Prevent SQL Injection Attacks
> To: "Struts Users Mailing List"
> Cc: [EMAIL PROTECTED]
> Date: Thursday, November 15, 2007, 11:13 AM
> Dave Newton wrote:
> > --- Mike Duffy <[EMAIL PROTECTED]> wrote:
> >> Does anyone have a gre
> Subject: Re: Struts Validator to Prevent SQL Injection Attacks
> To: "Struts Users Mailing List" , [EMAIL PROTECTED]
> Date: Thursday, November 15, 2007, 11:21 AM
> 2007/11/15, Mike Duffy <[EMAIL PROTECTED]>:
> > No matter where this is done, the basic prob
.).
Has anyone created an elegant solution for this problem within the Struts
framework?
Mike
--- On Thu, 11/15/07, Dave Newton <[EMAIL PROTECTED]> wrote:
> From: Dave Newton <[EMAIL PROTECTED]>
> Subject: Re: Struts Validator to Prevent SQL Injection Attacks
> To: "
Dave Newton wrote:
--- Mike Duffy <[EMAIL PROTECTED]> wrote:
Does anyone have a great solution for a validator
that will prevent users from entering malicious SQL
into form entry text fields?
I'm not sure that belongs in a validator; unless you
never need to allow the use of a single quote. It
-
From: "Mike Duffy" <[EMAIL PROTECTED]>
To:
Sent: Thursday, November 15, 2007 12:42 PM
Subject: Struts Validator to Prevent SQL Injection Attacks
> Does anyone have a great solution for a validator that will prevent users
from entering malicious SQL into form entry text fields
Does anyone have a great solution for a validator that will prevent users from
entering malicious SQL into form entry text fields?
Thx.
Mike
--- Mike Duffy <[EMAIL PROTECTED]> wrote:
> Does anyone have a great solution for a validator
> that will prevent users from entering malicious SQL
> into form entry text fields?
I'm not sure that belongs in a validator; unless you
never need to allow the use of a single quote. It is,
however unlik
like:
> > - ' (single quote)
> > - " (double quote)
> > - <,> (html characters)
> >
> > and also to prevent against sql injection/poisoning attacks?
> >
> > can someone shed light on best practice suggestions?
> >
> >
> does struts or jstl have a good way to handle data coming back from the
> database that contains things like:
> - ' (single quote)
> - " (double quote)
> - <,> (html characters)
>
> and also to prevent against sql injection/poisoning attacks?
>
--- Jim Barrows <[EMAIL PROTECTED]> wrote:
>
>
> > -Original Message-
> > From: Woodchuck [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 25, 2004 9:44 AM
> > To: struts
> > Subject: best practice for handling single/double quotes, ht
> -Original Message-
> From: Woodchuck [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 25, 2004 9:44 AM
> To: struts
> Subject: best practice for handling single/double quotes, html
> characters, sql injection/poisoning
>
>
> hihi,
>
> does struts
hihi,
does struts or jstl have a good way to handle data coming back from the
database that contains things like:
- ' (single quote)
- " (double quote)
- <,> (html characters)
and also to prevent against sql injection/poisoning attacks?
can someone shed light on best prac