Lamis

Reputation: 466

Secure doGet parameter in Servlet

I'm doing a simple register form and I need to pass some parameters in the URL; however, I'm concerned about security in Java. In PHP I used to use

mysql_escape_string

to make sure no special characters are passed to the variable. However, I'm not sure if that's needed in Java.

The question is: is it safe to use request.getAttribute(arg0) directly, or do I need to secure it using some special method?

Upvotes: 0

Views: 344

Answers (1)

rlinden

Reputation: 2041

There is an answer to that question in Java - escape string to prevent SQL injection.

I believe that the best thing to do is not to encode your command as a string, but to use a PreparedStatement and set the parameter using its methods, like SetInteger, SetBoolean and so on.

Upvotes: 2
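
The PreparedStatement approach from the answer, applied to a registration servlet's doGet, as an added example that is not part of the original thread. The URL mapping, the JNDI name jdbc/appdb, the users table and the parameter names are assumptions, and the code targets the javax.servlet API.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.annotation.Resource;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

@WebServlet("/register") // hypothetical URL mapping
public class RegisterServlet extends HttpServlet {

    // Assumption: the container exposes a pooled DataSource under this JNDI name.
    @Resource(name = "jdbc/appdb")
    private DataSource dataSource;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Query-string values arrive through getParameter(); getAttribute() only
        // returns objects that server-side code stored on the request.
        String username = request.getParameter("username");
        String ageText = request.getParameter("age");

        // Validate type and length before touching the database.
        if (username == null || username.isEmpty() || username.length() > 64
                || ageText == null || !ageText.matches("\\d{1,3}")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid input");
            return;
        }

        // Placeholders keep the values out of the SQL text, so quotes or
        // semicolons in username are stored as data, never parsed as SQL.
        String sql = "INSERT INTO users (username, age) VALUES (?, ?)";
        try (Connection conn = dataSource.getConnection();
             PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, username);
            stmt.setInt(2, Integer.parseInt(ageText));
            stmt.executeUpdate();
            response.setStatus(HttpServletResponse.SC_CREATED);
        } catch (SQLException e) {
            // Log details server-side; do not echo database errors to the client.
            log("Registration insert failed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```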
