If you use JDBC prepared statements, you will not have to worry about SQL
injection.

Paul

On Fri, Mar 22, 2013 at 6:36 PM, J.V. <jvsr...@gmail.com> wrote:

> Does anyone out there have a method I could use to pass a form field
> variable that would check for all known SQL injection vulnerabilities (with
> regards to the form field only, irrespective of the method of SQL
> execution) and return a true/false if it passes the test?
>
> I have about 100+ forms ( 500+ fields) to validate for SQL injection
> vulnerabilities and was thinking of creating an abstractForm.java class and
> putting the validate method there and calling that in each of the
> MyForm.java classes validate() method.
>
> I thought initially it would be better to move everything over to use
> Apache commons validator, create a global rule and simply apply the global
> rule to every form field but it may be better to take this approach.
>
> Any thoughts on the approach or a validator class to pattern match the
> field would be helpful (if you have had such a case in the past).
>
> thanks
>
> J.V.
>

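To illustrate Paul's point, here is an added example (not code from the thread or from Struts) that runs the same hostile form value once through string concatenation and once through a bound JDBC parameter. It assumes the H2 driver is on the classpath; the table, its rows and the input string are constructed for the demo.

```java
import java.sql.*;

public class PreparedStatementDemo {
    // Constructed form input: a single quote followed by a tautology.
    static final String HOSTILE_INPUT = "x' OR '1'='1";

    // Vulnerable: the form value is spliced into the SQL text, so the quote
    // ends the literal and the rest of the value is parsed as SQL.
    static int countConcatenated(Connection c, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = '" + username + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Safe: the SQL text is fixed and the value is bound as a parameter.
    // The driver sends it as data, never as part of the statement.
    static int countPrepared(Connection c, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 is on the classpath; any JDBC driver works the same way.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE users(name VARCHAR(64))");
                st.execute("INSERT INTO users VALUES ('alice'), ('bob'), ('carol')");
            }
            // Concatenation: the WHERE clause is always true, so every row is counted.
            System.out.println("concatenated: " + countConcatenated(c, HOSTILE_INPUT));
            // Prepared: no row has that literal name, so nothing is counted.
            System.out.println("prepared:     " + countPrepared(c, HOSTILE_INPUT));
        }
    }
}
```

Because the bound value never changes the statement's structure, no per-field pattern matching is needed for the injection case; field validation remains useful only for business rules (length, format).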