A bad way of running a SQL query in JDBC


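import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

// The user we want to find.
String email = "user@email.com";

// Connect to the database (URL, USER and PASS are connection settings defined elsewhere).
Connection conn = DriverManager.getConnection(URL, USER, PASS);
Statement stmt = conn.createStatement();

// Bad, bad news! Don't construct the query with string concatenation:
// whatever is in email becomes part of the SQL text itself.
String sql = "SELECT * FROM users WHERE email = '" + email + "'";

// I have a bad feeling about this...
ResultSet results = stmt.executeQuery(sql);

while (results.next()) {
  // ...oh look, we got hacked.
}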
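For contrast, the same lookup written with a bound parameter. This is an added example, not part of the original snippet; the class name, the DB_URL, DB_USER and DB_PASS environment variable names and the second sample address are assumptions made for illustration, while the users table and email column come from the query above.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SafeUserLookup {

    // The query text is a constant: user input never becomes part of the SQL.
    private static final String FIND_BY_EMAIL =
        "SELECT email FROM users WHERE email = ?";

    // Returns the matching email values; the caller owns the connection.
    static List<String> findByEmail(Connection conn, String email) throws SQLException {
        List<String> found = new ArrayList<>();
        try (PreparedStatement stmt = conn.prepareStatement(FIND_BY_EMAIL)) {
            // Bound as data: a quote in the value cannot end the string literal.
            stmt.setString(1, email);
            try (ResultSet results = stmt.executeQuery()) {
                while (results.next()) {
                    found.add(results.getString("email"));
                }
            }
        } // statement and result set are closed here, even on an exception
        return found;
    }

    public static void main(String[] args) throws SQLException {
        // Assumed environment variable names; a JDBC driver must be on the classpath.
        String url = System.getenv("DB_URL");
        if (url == null) {
            System.err.println("Set DB_URL, DB_USER and DB_PASS before running.");
            return;
        }
        // Constructed sample inputs: a normal address and one containing a quote,
        // which would change the statement's structure under concatenation.
        String[] samples = { "user@email.com", "o'brien@email.com" };
        try (Connection conn = DriverManager.getConnection(
                url, System.getenv("DB_USER"), System.getenv("DB_PASS"))) {
            for (String email : samples) {
                System.out.println(email + " -> " + findByEmail(conn, email));
            }
        }
    }
}
```

With concatenation, the second sample would produce a statement with an unbalanced quote; with the placeholder, it is compared as an ordinary string value.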
