From the course: Secure Coding in Java (2020)

Prevent SQL injection

- We're going to spend a considerable amount of time talking about SQL injection and how to prevent it. This attack vector continues to be a major issue across the industry, but it's rather easily mitigated, especially in Java. The situation that causes SQL injection is very straightforward. You start with a SQL statement that accepts at least one variable. This can be as simple as a WHERE clause variable or a VALUES clause variable, for instance. The SQL statement, when created in code, must leverage string concatenation or formatting to insert the input into the SQL statement. Malicious input can then be entered into the system, which repurposes the SQL statement itself. The simplest example on a string variable is to add an OR clause to your input, and then a statement that will always return true. This will return all data from the table in an injectable code path, based on the other where clauses that are…
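Added example, not code from the course: the same lookup written first with string concatenation (the injectable pattern described above) and then as a PreparedStatement, run side by side against an assumed H2 in-memory database (`jdbc:h2:mem:demo`, h2 jar on the classpath) with a constructed `users` table.

```java
import java.sql.*;

public class SqlInjectionDemo {
    // Vulnerable: the input is spliced into the SQL text, so the input can change the statement.
    static int countVulnerable(Connection conn, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE username = '" + username + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Hardened: the SQL text is fixed at compile time; the input is bound as a parameter value
    // and is never parsed as SQL, so an OR clause in it is just part of the compared string.
    static int countSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; any JDBC Connection would serve equally well.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                // Constructed sample rows for the demonstration.
                st.execute("CREATE TABLE users (username VARCHAR(64))");
                st.execute("INSERT INTO users VALUES ('alice'), ('bob'), ('carol')");
            }
            // The always-true OR clause the transcript describes, supplied as the "username".
            String injected = "x' OR '1'='1";
            // Concatenation turns the WHERE clause into: username = 'x' OR '1'='1', matching every row.
            System.out.println("concatenated: " + countVulnerable(conn, injected));
            // The bound parameter is compared literally against a username that does not exist.
            System.out.println("prepared:     " + countSafe(conn, injected));
        }
    }
}
```

The difference in the two printed counts is the whole vulnerability: only the concatenated query lets the input rewrite the WHERE clause.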