If you use JDBC prepared statements, you will not have to worry about SQL
injection.
Paul
On Fri, Mar 22, 2013 at 6:36 PM, J.V. wrote:
> Does anyone out there have a method I could use to pass a form field
> variable that would check for all known SQL injection vulnerabilities (with
> regards t
Use Filter
On 3/22/2013 7:36 PM, J.V. wrote:
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of
SQL execution) and return a true/false if
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of SQL
execution) and return a true/false if it passes the test?
I have about 100+ forms (
The best approach is to make validate() deal with syntax validation. At the
beginning of your execute() method, run business logic validation and
construct ActionErrors if your business logic fails. You really shouldn't
be trying to stuff business logic in the validate() method -- keep that for
dat
I have some code that does not use the Apache commons validator plugin.
There is a method in LoginForm.java validate() that calls
isPasswordValid(password) that will query the database and validate the
password and set an error message if not, and this error message is
retrieved in the Action
5 matches