Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of SQL
execution) and return a true/false if it passes the test?
I have about 100+ forms
Use Filter
On 3/22/2013 7:36 PM, J.V. wrote:
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of
SQL execution) and return a true/false
If you use JDBC prepared statements, you will not have to worry about SQL
injection.
Paul
On Fri, Mar 22, 2013 at 6:36 PM, J.V. jvsr...@gmail.com wrote:
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
Hi,
Do we have any special technique in Struts for preventing SQL injection? I
know we can prevent it via parameterized query, but my application design
does not permit so.
So can anyone here help me on this? I need a function to which, if I pass a
value, it becomes SQL injection safe.
Please help
Hello,
As far as I know there is nothing in Struts to prevent SQL injection. And
that should be done at the database level, so it is not related to Struts.
Also there is no simple way of making parameters SQL injection safe. You
can take a look at
http://www.owasp.org/index.php
@struts.apache.org
Subject: RE: SQL Injection
Date: Thu, 18 Mar 2010 12:34:57 +
Hello,
As far as I know there is nothing in Struts to prevent SQL injection. And
that should be done at the database level, so it is not related to Struts.
Also there is no simple way of making parameters SQL
--- Mike Duffy [EMAIL PROTECTED] wrote:
Does anyone have a great solution for a validator
that will prevent users from entering malicious SQL
into form entry text fields?
I'm not sure that belongs in a validator; unless you
never need to allow the use of a single quote. It is,
however unlikely,
Does anyone have a great solution for a validator that will prevent users from
entering malicious SQL into form entry text fields?
Thx.
Mike
-
From: Mike Duffy [EMAIL PROTECTED]
To: user@struts.apache.org
Sent: Thursday, November 15, 2007 12:42 PM
Subject: Struts Validator to Prevent SQL Injection Attacks
Does anyone have a great solution for a validator that will prevent users
from entering malicious SQL into form entry text fields
=0postorder=asc
And page 16 of the following link:
http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf
Thx.
Mike
--- On Thu, 11/15/07, Antonio Petrelli [EMAIL PROTECTED] wrote:
From: Antonio Petrelli [EMAIL PROTECTED]
Subject: Re: Struts Validator to Prevent SQL
Dave Newton wrote:
--- Mike Duffy [EMAIL PROTECTED] wrote:
Does anyone have a great solution for a validator
that will prevent users from entering malicious SQL
into form entry text fields?
I'm not sure that belongs in a validator; unless you
never need to allow the use of a single quote. It
.).
Has anyone created an elegant solution for this problem within the Struts
framework?
Mike
--- On Thu, 11/15/07, Dave Newton [EMAIL PROTECTED] wrote:
From: Dave Newton [EMAIL PROTECTED]
Subject: Re: Struts Validator to Prevent SQL Injection Attacks
To: Struts Users Mailing List user
that), then you're not covered.
But if you use the placeholder and HQL or the Criteria APIs, then
you're covered.
Mike
--- On Thu, 11/15/07, Gary Affonso [EMAIL PROTECTED] wrote:
From: Gary Affonso [EMAIL PROTECTED]
Subject: Re: Struts Validator to Prevent SQL Injection Attacks
To: Struts Users
2007/11/15, Mike Duffy [EMAIL PROTECTED]:
No matter where this is done, the basic problem is we have single quotes,
double quotes, ampersands, semicolons, and parentheses in our data.
This may be off topic, but does it not suffice to use prepared
statement and parameters to avoid such attacks?
a query dynamically, with a variable number of parameters.
In the PDF you sent, there is this sentence:
snip
SQL Statements using bind variables are generally immune to SQL
Injection attacks as the Oracle
database will use the value of the bind variable exclusively and not
interpret the contents
to Prevent SQL Injection Attacks
To: Struts Users Mailing List user@struts.apache.org
Cc: [EMAIL PROTECTED]
Date: Thursday, November 15, 2007, 11:13 AM
Dave Newton wrote:
--- Mike Duffy [EMAIL PROTECTED] wrote:
Does anyone have a great solution for a validator
that will prevent users from
Thx.
Mike
--- On Thu, 11/15/07, Antonio Petrelli [EMAIL PROTECTED] wrote:
From: Antonio Petrelli [EMAIL PROTECTED]
Subject: Re: Struts Validator to Prevent SQL Injection Attacks
To: Struts Users Mailing List user@struts.apache.org, [EMAIL PROTECTED]
Date: Thursday, November 15, 2007
hihi,
does struts or jstl have a good way to handle data coming back from the
database that contains things like:
- ' (single quote)
- " (double quote)
- <, > (html characters)
and also to prevent against sql injection/poisoning attacks?
can someone shed light on best practice suggestions
--- Jim Barrows [EMAIL PROTECTED] wrote:
-Original Message-
From: Woodchuck [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 25, 2004 9:44 AM
To: struts
Subject: best practice for handling single/double quotes, html
characters, sql injection/poisoning
hihi
have a good way to handle data coming back from the
database that contains things like:
- ' (single quote)
- " (double quote)
- <, > (html characters)
and also to prevent against sql injection/poisoning attacks?
can someone shed light on best practice suggestions?
please, and thanks
data coming back from
the
database that contains things like:
- ' (single quote)
- " (double quote)
- <, > (html characters)
and also to prevent against sql injection/poisoning attacks?
can someone shed light on best practice suggestions?
please, and thanks in advance