You are viewing a plain text version of this content. The canonical link for it is here.
Posted to torque-user@db.apache.org by Clemens Fuchslocher <cl...@fht-esslingen.de> on 2004/04/30 17:56:20 UTC
Criteria and SQL Injection
Hello,
Should I worry about SQL Injections when I am using a Criteria object
in the following way?
-=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-=
public List example (String input) throws TorqueException
{
Criteria criteria = new Criteria ();
criteria.add (ExamplePeer.PKEY, (Object) input, Criteria.EQUAL);
return ExamplePeer.doSelect (criteria);
}
-=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-=
Is the Criteria object escaping the input string for me?
--
---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
For additional commands, e-mail: torque-user-help@db.apache.org