Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How should I sanitize database input in Java?

Tags:

java

security

mysql

sql-injection

Could someone please point me to a good beginner guide on safely running SQL queries formed partly from user input? I'm using Java, but a language neutral guide is fine too.

The desired behaviour is that if someone types into the GUI something like

very nice;) DROP TABLE FOO;

The database should treat it as a literal string and store it safely without dropping any tables.

like image 988
Benjamin Confino Avatar asked Mar 26 '09 22:03

Benjamin Confino

People also ask

Should you sanitize user input?

User input should always be treated as malicious before making it down into lower layers of your application. Always handle sanitizing input as soon as possible and should not for any reason be stored in your database before checking for malicious intent.

What does it mean to sanitize database inputs?

Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and strings to prevent the injection of harmful codes into the system.

2 Answers

You definitely want to use PreparedStatements. They are convenient. Here is an example.

like image 128
Josh Stodola Avatar answered Sep 18 '22 14:09

Josh Stodola

Use PreparedStatement instead of Statement

like image 25
Geo Avatar answered Sep 16 '22 14:09

Geo
Sign in to Comment

Related questions

google protobuffer how to define list of lists in proto file?
Application prints "Listening for transport dt_socket at address: 5005" and does not halt
Prevent JavaFX dialog from closing
java's path still /usr/bin/java after brew cask install java
Calling finishAffinity() does not destroy android app or activity. Activity's data still persists even when app is restarted
How would you do multiple operations on a java 8 stream?
How to encrypt a column in Postgres using Hibernate @ColumnTransformer
Spring Boot OAuth2 Single Sign Off (Logout)
Does BigDecimal#min method qualify as a BinaryOperator?
How to convert an int to hex with leading zeros in Java? [duplicate]
Passing context from Service to Asynctask without leaking it
How to get the list of properties of a class as Jackson views it?
How does OSGi application work on Java 9?
hexagonal architecture with spring data
Convert List stream into single Container
set timeout in Spring WebFlux webclient
Setting 'relaxedQueryChars' for embedded Tomcat
Parallel Stream behaving differently to Stream
How to restrict inheritance to a single subclass in Java
adjust selected File to FileFilter in a JFileChooser

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!