Re: postgresql.stat.result - Mailing list pgsql-jdbc

From Oliver Jowett
Subject Re: postgresql.stat.result
Msg-id 42F06BC0.8080405@opencloud.com
In response to postgresql.stat.result  (Minal <minalac@yes2etl.com>)
Responses Re: postgresql.stat.result  (Minal <minalac@yes2etl.com>)
List pgsql-jdbc
Minal wrote:

> sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
> //sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES ('admin','"+username+"','"+password+"')";
> pStat=conn.prepareStatement(sql);

On another topic, either you need to ensure that username/password are
correctly escaped, or you should use '?' placeholders and use
setString() to set them. Otherwise you have a SQL injection hole there.

-O
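Worked example of the fix Oliver describes, added here; it is not code from Minal's post or from the PostgreSQL JDBC driver. It keeps the concatenated statement from the quoted code beside a version that uses '?' placeholders bound with setString(). It assumes an already-open java.sql.Connection and that sp_login takes four text arguments in the order shown in the quoted call; the USERS table form is the commented-out alternative from the same post.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class SpLoginExample {

    // The concatenated form from the quoted post. Any single quote in the
    // input becomes part of the statement text, so the input can change the
    // structure of the SQL instead of being treated as a value.
    static String buildConcatenatedSql(String username, String password) {
        return "SELECT sp_login ('INSERT','admin','" + username + "','" + password + "')";
    }

    // Parameterised form: the statement text is fixed, and the driver sends
    // username/password as parameters. Quotes in the input stay plain data.
    // Assumes sp_login(text, text, text, text) as in the quoted call.
    static boolean callSpLogin(Connection conn, String username, String password)
            throws SQLException {
        String sql = "SELECT sp_login(?, ?, ?, ?)";
        try (PreparedStatement pStat = conn.prepareStatement(sql)) {
            pStat.setString(1, "INSERT");
            pStat.setString(2, "admin");
            pStat.setString(3, username);
            pStat.setString(4, password);
            try (ResultSet rs = pStat.executeQuery()) {
                // sp_login's return value is not given in the thread; here we only
                // check that the function produced a row.
                return rs.next();
            }
        }
    }

    // Same treatment for the commented-out INSERT from the quoted post.
    static int insertUser(Connection conn, String username, String password)
            throws SQLException {
        String sql = "INSERT INTO USERS (USERTYPE, USERNAME, PASSWORD) VALUES ('admin', ?, ?)";
        try (PreparedStatement pStat = conn.prepareStatement(sql)) {
            pStat.setString(1, username);
            pStat.setString(2, password);
            return pStat.executeUpdate();   // number of rows inserted
        }
    }

    public static void main(String[] args) {
        // Constructed sample input, no database needed: a perfectly ordinary
        // name with an apostrophe already breaks the concatenated statement,
        // which is the same mechanism an attacker would exploit.
        String username = "O'Brien";
        System.out.println(buildConcatenatedSql(username, "secret"));
        // prints: SELECT sp_login ('INSERT','admin','O'Brien','secret')
        // With callSpLogin()/insertUser() the statement text never changes,
        // whatever the input contains.
    }
}
```

The placeholder version is preferable to hand-escaping because the escaping rules depend on server settings (standard_conforming_strings, client encoding) that the application would otherwise have to track itself; setString() leaves that to the driver.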
