Home > mailing lists

Re: postgresql.stat.result - Mailing list pgsql-jdbc

From	Minal
Subject	Re: postgresql.stat.result
Date	August 3, 2005 08:33:31
Msg-id	42F0809F.50407@yes2etl.com Whole thread Raw
In response to	Re: postgresql.stat.result (Oliver Jowett <oliver@opencloud.com>)
List	pgsql-jdbc

Tree view

Thanks are you aqare of any books on JSP-POSTGRES

Oliver Jowett wrote:

>Minal wrote:
>
>
>
>>sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
>>//sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES
>>('admin','"+username+"','"+password+"')";
>>   pStat=conn.prepareStatement(sql);
>>
>>
>
>On another topic, either you need to ensure that username/password are
>correctly escaped, or you should use '?' placeholders and use
>setString() to set them. Otherwise you have a SQL injection hole there.
>
>-O
>
>---------------------------(end of broadcast)---------------------------
>TIP 1: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly
>
>
>

pgsql-jdbc by date:

From: Oliver Jowett
Date: 03 August 2005, 07:01:35
Subject: Re: postgresql.stat.result

From: abdelkader belkadi
Date: 03 August 2005, 15:39:32
Subject: pgsql-jdbc and Java

Re: postgresql.stat.result - Mailing list pgsql-jdbc

Previous

Next