Ever wondered what SQL injection is, and what an attacker can do with it?
Here you go: http://en.wikipedia.org/wiki/SQL_injection
So how do we avoid this attack?
Use PreparedStatement instead of Statement.
Reason: a PreparedStatement treats the parameter values as plain string data rather than as part of the SQL text, so this kind of attack is not possible.
Sunday, May 4, 2008
SQL query tuning
The following link is a good starting point for SQL query optimization.
http://www.dba-oracle.com/art_sql_tune.htm