Tony

Reputation: 505

How to make INSERT safer?

This is my method. As you can see, I'm using native SQL to execute INSERT queries.

import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.SessionFactory;

public class NewsDao {

    private SessionFactory sessionFactory; // injected, e.g. by Spring

    public void addNews(String title, String content) {
        Session session = this.sessionFactory.getCurrentSession();
        // Native SQL with named parameters: title and content are bound as
        // values by the driver, never spliced into the statement text.
        Query query = session
                .createSQLQuery(
                        "INSERT INTO news VALUES(NULL,:title,:content,NULL)")
                .setString("title", title)
                .setString("content", content);
        int updated = query.executeUpdate();
    }
}

Is it safe? Or how can I improve my method?

Upvotes: 1

Views: 54

Answers (1)

yname

Reputation: 2255

Yes, setting values as parameters (the setString() method) prevents SQL injection. A non-secure SQL statement looks like this:

String query = "INSERT INTO news VALUES(NULL," + title + "," + content + ",NULL)";

You can read more about SQL injection (and other types of vulnerabilities) here: https://www.owasp.org/index.php/SQL_Injection

Upvotes: 1
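Added example, not code from the question or the answer: the same contrast (string concatenation versus bound parameters) shown in Python, with an in-memory sqlite3 table standing in for the Hibernate session so it runs offline. The four-column news table, the attacker-controlled title and the content strings are constructed for the demo; the `?` placeholders play the role of `:title`/`:content` with setString().

```python
import sqlite3

# Constructed attacker input: closes the title literal, completes the row,
# appends a second row of the attacker's choosing, and comments out the rest
# of the statement the application intended to run.
INJECTED_TITLE = "Hello','x',NULL),(NULL,'injected','attacker content',NULL) --"
REAL_CONTENT = "real content"


def fresh_db() -> sqlite3.Connection:
    """In-memory table mirroring the four-column news table in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE news("
        "id INTEGER PRIMARY KEY, title TEXT, content TEXT, created TEXT)"
    )
    return conn


def add_news_unsafe(conn: sqlite3.Connection, title: str, content: str) -> int:
    """Concatenation: the user's text becomes part of the SQL itself."""
    sql = (
        "INSERT INTO news VALUES(NULL,'" + title + "','" + content + "',NULL)"
    )
    cur = conn.execute(sql)
    return cur.rowcount  # number of rows actually inserted


def add_news_safe(conn: sqlite3.Connection, title: str, content: str) -> int:
    """Parameter binding: SQL text and values travel separately, so the
    driver stores the title verbatim, quotes and comment markers included."""
    cur = conn.execute(
        "INSERT INTO news VALUES(NULL,?,?,NULL)", (title, content)
    )
    return cur.rowcount


def titles(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT title FROM news ORDER BY id")]


def apostrophe_breaks_unsafe() -> bool:
    """Even a harmless title with an apostrophe is a syntax error when
    concatenated; the bound version stores it without complaint."""
    conn = fresh_db()
    try:
        add_news_unsafe(conn, "O'Reilly interview", REAL_CONTENT)
    except sqlite3.OperationalError:
        add_news_safe(conn, "O'Reilly interview", REAL_CONTENT)
        return titles(conn) == ["O'Reilly interview"]
    return False


def demo() -> tuple:
    """Run the same malicious title through both variants."""
    unsafe = fresh_db()
    unsafe_rows = add_news_unsafe(unsafe, INJECTED_TITLE, REAL_CONTENT)
    safe = fresh_db()
    safe_rows = add_news_safe(safe, INJECTED_TITLE, REAL_CONTENT)
    return unsafe_rows, titles(unsafe), safe_rows, titles(safe)


if __name__ == "__main__":
    print(demo())
    print("apostrophe handled only by the safe variant:", apostrophe_breaks_unsafe())
```

The concatenated version inserts two rows (the attacker's "injected" row among them), while the bound version inserts exactly one row whose title is the raw payload string. Note that binding protects values only: a table or column name taken from user input cannot be parameterised and has to be validated against an allow-list instead.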
