Re: postgresql.stat.result

From: Oliver Jowett <oliver(at)opencloud(dot)com>
To: Minal <minalac(at)yes2etl(dot)com>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: postgresql.stat.result
Date: 2005-08-03 07:01:20
Message-ID: 42F06BC0.8080405@opencloud.com
Lists: pgsql-jdbc

Minal wrote:

> sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
> //sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES ('admin','"+username+"','"+password+"')";
> pStat=conn.prepareStatement(sql);

On another topic, either you need to ensure that username/password are
correctly escaped, or you should use '?' placeholders and use
setString() to set them. Otherwise you have a SQL injection hole there.

-O
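As an added example (not code from the thread, nor from the pgjdbc project), the vulnerable concatenation from the quoted post alongside the placeholder form Oliver recommends. The `sp_login` call and its first two arguments are taken from the quoted code; the class name, the `buildUnsafeSql`/`prepareSafe` helpers and the malicious sample password are constructed here. The safe version never has to escape anything, because with '?' placeholders and `setString()` the driver keeps the parameter values out of the SQL text, so a quote in the input cannot terminate the string literal.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class LoginStatements {

    // The original, vulnerable construction: untrusted username/password are
    // spliced directly into the SQL text. A single quote in either value ends
    // the literal and lets the rest of the input be parsed as SQL.
    static String buildUnsafeSql(String username, String password) {
        return "SELECT sp_login ('INSERT','admin','" + username + "','" + password + "')";
    }

    // The hardened form: '?' placeholders, values bound with setString().
    // The SQL text is fixed; the driver transmits (or escapes) the values
    // separately, so the input is only ever treated as data.
    static PreparedStatement prepareSafe(Connection conn, String username, String password)
            throws SQLException {
        PreparedStatement ps = conn.prepareStatement("SELECT sp_login (?, ?, ?, ?)");
        ps.setString(1, "INSERT");
        ps.setString(2, "admin");
        ps.setString(3, username);
        ps.setString(4, password);
        return ps;
    }

    public static void main(String[] args) {
        // Constructed malicious input: closes the password literal and the
        // function call, appends a second statement, and comments out the
        // trailing "')" that the template would otherwise add.
        String evilPassword = "x'); DELETE FROM users; --";

        // Prints:
        // SELECT sp_login ('INSERT','admin','alice','x'); DELETE FROM users; --')
        // Whether the appended statement actually executes depends on the
        // driver and server, but the attacker already controls the SQL text.
        System.out.println(buildUnsafeSql("alice", evilPassword));

        // With prepareSafe(conn, "alice", evilPassword) the same value is
        // simply a 26-character password passed to sp_login; no live
        // connection is opened here, so that call is not made in this demo.
    }
}
```

Note that the placeholder form works unchanged for a function call such as `sp_login(...)`, not only for plain `INSERT`/`SELECT` statements, so there is no reason to fall back to manual escaping here.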
