Posted to torque-user@db.apache.org by Clemens Fuchslocher <cl...@fht-esslingen.de> on 2004/04/30 17:56:20 UTC

Criteria and SQL Injection

Hello,

Should I worry about SQL Injections when I am using a Criteria object
in the following way?

-=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-=
public List example (String input) throws TorqueException
{
    Criteria criteria = new Criteria ();
    criteria.add (ExamplePeer.PKEY, (Object) input, Criteria.EQUAL);
    return ExamplePeer.doSelect (criteria);
}
-=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-=

Is the Criteria object escaping the input string for me?