Sunday, May 4, 2008

SQL Injection

Ever wondered what SQL injection is, or what an attacker can do with it?

Here you go http://en.wikipedia.org/wiki/SQL_injection

So how do you avoid this attack?

Use PreparedStatement instead of Statement.
Reason: with a PreparedStatement the SQL text is fixed and contains placeholders (?) for the values; the user-supplied values are bound separately as parameters and are handed to the database as data, never parsed as SQL. So an input like ' OR '1'='1 cannot change the structure of the query. Note that this only holds if you actually bind the parameters: building the SQL string by concatenation and then passing it to prepareStatement() gives no protection at all. Parameters can also only stand in for values, not for table or column names or ORDER BY clauses, so anything like that still has to be validated against a fixed whitelist.
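Here is the point in working code, as an added example (not from the original post). It assumes the H2 in-memory JDBC driver is on the classpath (URL jdbc:h2:mem:demo) and uses a constructed users table with one row; any other JDBC driver works the same way, only the connection URL changes. The Statement version lets the injected password log in as alice without knowing the password, the PreparedStatement version does not.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class SqlInjectionDemo {

    // Vulnerable: the user input is concatenated into the SQL text, so the
    // input becomes part of the query's structure and the database parses it.
    static boolean loginWithStatement(Connection c, String user, String pass) throws SQLException {
        String sql = "SELECT 1 FROM users WHERE username = '" + user
                   + "' AND passwd = '" + pass + "'";
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Safe: the SQL text is fixed; the user input is bound as parameter values,
    // so the database treats it as data and it cannot change the query.
    static boolean loginWithPreparedStatement(Connection c, String user, String pass) throws SQLException {
        String sql = "SELECT 1 FROM users WHERE username = ? AND passwd = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; the table and row are constructed for the demo.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE users (username VARCHAR(64), passwd VARCHAR(64))");
                st.execute("INSERT INTO users VALUES ('alice', 's3cret')");
            }

            // Classic payload: closes the string literal and appends an always-true clause.
            String injected = "' OR '1'='1";

            System.out.println("Statement, correct password:          " + loginWithStatement(c, "alice", "s3cret"));
            System.out.println("Statement, injected password:         " + loginWithStatement(c, "alice", injected));
            System.out.println("PreparedStatement, correct password:  " + loginWithPreparedStatement(c, "alice", "s3cret"));
            System.out.println("PreparedStatement, injected password: " + loginWithPreparedStatement(c, "alice", injected));
        }
    }
}
```

With the Statement version the executed query ends in AND passwd = '' OR '1'='1', which matches every row, so the injected login succeeds. With the PreparedStatement version the bound value is compared literally against the passwd column, finds no row, and the login fails, which is what the post's advice is about.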
