Posted to user@struts.apache.org by abhishek jain <ab...@gmail.com> on 2010/03/18 11:30:49 UTC

SQL Injection

Hi,
Do we have any special technique in Struts for preventing SQL injection? I
know we can prevent it via parameterized queries, but my application design
does not permit that.
So can anyone here help me on this? I need a function to which, if I pass a
value, it returns it SQL injection safe.
Pl. help
-- 
Thanks and kind Regards,
Abhishek jain

RE: SQL Injection

Posted by adam pinder <ap...@hotmail.co.uk>.

Use Hibernate; it's definitely worth trying.

The SQL queries can be parameterised and the parameter names can refer to fields in an object; it handles the escaping of values to be SQL safe.

----------------------------------------
> From: gustavo.felisberto@wit-software.com
> To: user@struts.apache.org
> Subject: RE: SQL Injection
> Date: Thu, 18 Mar 2010 12:34:57 +0000
>
> Hello,
> As far as I know there is nothing in Struts to prevent SQL injection, and
> that should be done at the database level, so it is not related to Struts.
>
> Also, there is no simple way of making parameters "SQL injection safe". You
> can take a look at
> http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet They
> have some code that will take care of inputs depending on the database used
> (they have "cleaners" for Oracle, MySQL and SQL Server).
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


RE: SQL Injection

Posted by Gustavo Felisberto <gu...@wit-software.com>.
Hello,
As far as I know there is nothing in Struts to prevent SQL injection, and
that should be done at the database level, so it is not related to Struts.

Also, there is no simple way of making parameters "SQL injection safe". You
can take a look at
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet They
have some code that will take care of inputs depending on the database used
(they have "cleaners" for Oracle, MySQL and SQL Server).



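To illustrate both replies above (Gustavo's point that there is no generic "make this value safe" function, and Adam's suggestion of Hibernate parameters), here is an added example that is not from the thread. It assumes a `users` table with `id` and `name` columns, a Hibernate 3-style `Session`, and a mapped `User` entity; the class and method names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.hibernate.Query;
import org.hibernate.Session;

/** Contrast of building SQL from a request value with binding it as a parameter. */
public class UserLookup {

    /** Vulnerable form: the request parameter becomes part of the SQL text, so a
     *  value containing a quote changes the structure of the statement. An
     *  escaping function only covers string literals for one database's quoting
     *  rules; numeric columns, LIKE patterns and other dialects need different
     *  handling, which is why the thread says there is no simple "safe" function. */
    public static String unsafeSql(String name) {
        return "SELECT id, name FROM users WHERE name = '" + name + "'";
    }

    /** Parameterised form: the SQL text is fixed and the value is bound by the
     *  driver, so it is never parsed as SQL and no per-database cleaner is needed. */
    public static List<String> findByNameJdbc(Connection conn, String name) throws SQLException {
        String sql = "SELECT id, name FROM users WHERE name = ?";
        List<String> found = new ArrayList<String>();
        PreparedStatement ps = conn.prepareStatement(sql);
        try {
            ps.setString(1, name); // quotes inside the value are data, not syntax
            ResultSet rs = ps.executeQuery();
            while (rs.next()) {
                found.add(rs.getString("name"));
            }
        } finally {
            ps.close();
        }
        return found;
    }

    /** Same idea with Hibernate: a named parameter in HQL bound via setParameter.
     *  Assumes a mapped User entity with a "name" property (hypothetical). */
    public static List<?> findByNameHibernate(Session session, String name) {
        Query q = session.createQuery("from User u where u.name = :name");
        q.setParameter("name", name);
        return q.list();
    }
}
```

The two `findByName*` methods return the same rows for any input, including names containing quotes, whereas `unsafeSql` shows the string the database would actually receive when the value is concatenated.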