Hello,

As far as I know there is nothing in Struts to prevent SQL injection. And that should be done at the database level, so it is not related to Struts.
Also there is no simple way of making parameters "SQL injection safe". You can take a look at
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
They have some code that will take care of inputs depending on the database used (they have "cleaners" for Oracle, MySQL and SQL Server).

-----Original Message-----
From: abhishek jain [mailto:abhishek.netj...@gmail.com]
Sent: Thursday, 18 March 2010 10:31
To: Struts Users Mailing List
Subject: SQL Injection

Hi,

Do we have any special technique in Struts for preventing SQL injection? I know we can prevent it via parameterized queries, but my application design does not permit that. So can anyone here help me with this? I need a function which, if I pass it a value, makes it SQL injection safe.

Please help.

--
Thanks and kind regards,
Abhishek jain
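The reply's point that no single function makes a value "SQL injection safe", shown as an added example that is not part of the original thread. It uses Python's `sqlite3` with constructed data as a stand-in for the poster's Struts/JDBC stack, and `naive_clean` is a hypothetical quote-doubling helper, not the OWASP code.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "o'neil")])
    return db

def naive_clean(value):
    # Hypothetical "make it safe" helper: doubles single quotes only.
    return str(value).replace("'", "''")

def by_name_cleaned(db, name):
    # Quoted string context: quote doubling keeps the value inside the literal.
    sql = "SELECT id FROM users WHERE name = '" + naive_clean(name) + "'"
    return [r[0] for r in db.execute(sql)]

def by_id_cleaned(db, user_id):
    # Unquoted numeric context: there is no quote to escape, so the
    # "cleaned" value is still parsed as SQL.
    sql = "SELECT id FROM users WHERE id = " + naive_clean(user_id)
    return [r[0] for r in db.execute(sql)]

def by_id_bound(db, user_id):
    # Bound parameter: the driver passes the value as data, never as SQL text.
    sql = "SELECT id FROM users WHERE id = ?"
    return [r[0] for r in db.execute(sql, (user_id,))]

def by_id_validated(db, user_id):
    # If concatenation is unavoidable, convert to the expected type first;
    # int() raises ValueError for anything that is not an integer.
    n = int(user_id)
    return [r[0] for r in db.execute("SELECT id FROM users WHERE id = " + str(n))]
```

The same escaping helper that holds in the quoted `name` context returns every row in the unquoted `id` context, which is why the safe options are binding or per-context type validation rather than one generic cleaner.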