| From: | Minal <minalac(at)yes2etl(dot)com> |
|---|---|
| To: | Oliver Jowett <oliver(at)opencloud(dot)com> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: postgresql.stat.result |
| Date: | 2005-08-03 08:30:23 |
| Message-ID: | 42F0809F.50407@yes2etl.com |
| Lists: | pgsql-jdbc |
Thanks. Are you aware of any books on JSP-POSTGRES?
Oliver Jowett wrote:
>Minal wrote:
>
>>sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
>>//sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES
>>('admin','"+username+"','"+password+"')";
>> pStat=conn.prepareStatement(sql);
>
>On another topic, either you need to ensure that username/password are
>correctly escaped, or you should use '?' placeholders and use
>setString() to set them. Otherwise you have a SQL injection hole there.
>
>-O
>
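The placeholder fix Oliver describes, written out against the quoted code as an added example (it is not code from either poster). The USERS table, the sp_login function and the open Connection are assumed from the quoted snippet and are not verified against any real schema.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Assumed schema, taken from the quoted message: USERS(USERTYPE, USERNAME, PASSWORD)
// and a function sp_login(action, usertype, username, password).
public class LoginDao {

    // Vulnerable form from the quoted message: the values are spliced into the
    // SQL text, so any quote character in them changes the statement itself.
    static String unsafeSql(String username, String password) {
        return "SELECT sp_login ('INSERT','admin','" + username + "','" + password + "')";
    }

    // Hardened form: '?' placeholders bound with setString(). The driver sends
    // the values as parameters, so they are never interpreted as SQL text.
    static boolean createAdmin(Connection conn, String username, String password)
            throws SQLException {
        String sql = "SELECT sp_login('INSERT', 'admin', ?, ?)";
        try (PreparedStatement pStat = conn.prepareStatement(sql)) {
            pStat.setString(1, username);
            pStat.setString(2, password);
            try (ResultSet rs = pStat.executeQuery()) {
                return rs.next(); // true if sp_login returned a row
            }
        }
    }

    // Same treatment for the commented-out direct INSERT in the quoted code.
    static int insertAdmin(Connection conn, String username, String password)
            throws SQLException {
        String sql = "INSERT INTO USERS (USERTYPE, USERNAME, PASSWORD) VALUES ('admin', ?, ?)";
        try (PreparedStatement pStat = conn.prepareStatement(sql)) {
            pStat.setString(1, username);
            pStat.setString(2, password);
            return pStat.executeUpdate(); // number of rows inserted
        }
    }

    public static void main(String[] args) {
        // Constructed input: an ordinary name containing an apostrophe is enough
        // to leave the concatenated statement with unbalanced quoting.
        System.out.println(unsafeSql("O'Brien", "secret"));
        // The prepared forms above accept the same value unchanged.
    }
}
```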