I'm wanting to write a program that converts a SQL dynamic query into a prepared statement in Java. I'd like to convert that to a Java prepared statement using code. Are there any existing tools to do this and if not, can you provide any information on creating such a tool?

See JDBC, particularly the section on prepared statements. I would not use any of the mapping technologies till you have some understanding of JDBC.

Thanks for the answer. I'm pretty familiar with JDBC and prepared statements. However, the program I'm writing is one that goes through a program's source code, finds SQL injection vulnerabilities (dynamic queries mostly), rewrites the query as a prepared statement, and executes it. – bsimic May 24 at 13:52
I believe if you use prepared statements correctly you will not have SQL injection problems. But it sounds like you are joining tables dynamically (and not just replacing where clause parameters). If this is the case you should seriously consider a mapping technology. Also see: stackoverflow.com/questions/1291584/is-jdbc-secure – Adam Gent May 24 at 14:00
Yes I agree. What my program will do is use Aspects to go through a web application's source code, find dynamic queries (which are not secure), parse through the query, and then weave in a secure prepared statement which will be executed in place of the insecure dynamic query. I think my best solution will be to use a query parser and then generate the prepared statement based on the information gathered there. – bsimic May 24 at 14:08
@bsimic you could put a caller pointcut on all Connection.createStatements or Statement.executeQuery (you will need AJ declarative). But I think you're probably just better off refactoring your code. – Adam Gent May 24 at 16:19

I would recommend trying iBatis. No need to write it yourself.
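As an added illustration of the idea raised in the comments, parsing the dynamic query and generating the prepared statement from it (this is example code, not from the question or any answerer): a small source-level rewriter for the common case of a Java string concatenation that splices variables into SQL text. It assumes the concatenation expression has already been extracted from the source, that every non-literal operand is a plain variable name, and that quoting is simple (no escaped quotes inside the fragments).

```java
import java.util.ArrayList;
import java.util.List;
/** Rewrites a Java string-concatenation SQL expression into parameterized SQL plus setter calls. */
public final class DynamicQueryRewriter {
    /** Splits a concatenation expression on the '+' operators that lie outside Java string literals. */
    static List<String> splitConcat(String expr) {
        List<String> parts = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean inStr = false;
        for (int i = 0; i < expr.length(); i++) {
            char c = expr.charAt(i);
            if (c == '"' && (i == 0 || expr.charAt(i - 1) != '\\')) inStr = !inStr; // simplified escapes
            if (c == '+' && !inStr) { parts.add(cur.toString().trim()); cur.setLength(0); }
            else cur.append(c);
        }
        parts.add(cur.toString().trim());
        return parts;
    }
    /** Returns generated Java source: prepareStatement(...) followed by one setObject call per variable. */
    public static String rewrite(String expr) {
        StringBuilder sql = new StringBuilder();
        List<String> vars = new ArrayList<>();
        boolean dropQuote = false; // next SQL fragment begins with the closing ' of a quoted variable
        for (String part : splitConcat(expr)) {
            if (part.startsWith("\"")) {
                String text = part.substring(1, part.length() - 1); // strip the Java quotes
                if (dropQuote && text.startsWith("'")) text = text.substring(1);
                dropQuote = false;
                sql.append(text);
            } else {
                // Variable: becomes a bound parameter. A SQL quote that wrapped it is removed because the
                // driver handles quoting of bound values. Only values can be bound this way; a variable
                // that supplies a table or column name would need a whitelist, not a '?' placeholder.
                if (sql.length() > 0 && sql.charAt(sql.length() - 1) == '\'') { sql.setLength(sql.length() - 1); dropQuote = true; }
                sql.append('?');
                vars.add(part);
            }
        }
        StringBuilder out = new StringBuilder("PreparedStatement ps = conn.prepareStatement(\"" + sql + "\");\n");
        for (int i = 0; i < vars.size(); i++)
            out.append("ps.setObject(").append(i + 1).append(", ").append(vars.get(i)).append(");\n");
        return out.toString();
    }
    public static void main(String[] args) {
        // Constructed sample: the kind of dynamic query the rewriter is meant to find in source code.
        System.out.print(rewrite("\"SELECT * FROM users WHERE name = '\" + name + \"' AND age > \" + age"));
    }
}
```

The rewrite has to run on the source expression: at a pointcut on `executeQuery` only the already concatenated string is visible, so the boundary between the SQL text and the spliced-in input is gone and cannot be recovered by pulling literals back out. For the sample above it emits `prepareStatement("SELECT * FROM users WHERE name = ? AND age > ?")` followed by `ps.setObject(1, name)` and `ps.setObject(2, age)`.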