Pusula

Java Statement and PreparedStatement with SQL Injection Attack

In any database-driven application, especially web and enterprise applications, user interaction is unavoidable. Users enter usernames, passwords, IDs, search keywords, dates, and many other inputs.
Pusula

Preventing SQL Injection Attack With Java Prepared Statement

Online data theft has recently become a very serious issue, and recent cases have been widely publicized over concerns for the confidentiality of personally identifiable information (PII). Most cases ...
InfoWorld

Named Parameters for PreparedStatement

The problems with PreparedStatement stem from its syntax for parameters. Parameters are anonymous and accessed by index as in the following: PreparedStatement p = con.prepareStatement("select * from ...