java - How to prevent SQL injection In App Engine JDO


Please help.

How do I prevent SQL injection at the time of JDO insertion?

My JDO class MyData.java:

    package com.jdo;

    import java.util.Date;
    import javax.jdo.annotations.PersistenceCapable;
    import javax.jdo.annotations.Persistent;
    import javax.jdo.annotations.PrimaryKey;
    import javax.jdo.annotations.IdentityType;

    @PersistenceCapable(identityType = IdentityType.APPLICATION, detachable = "true")
    public class MyData {
        @PrimaryKey
        @Persistent
        private String id;

        @Persistent
        private String name;

        @Persistent
        private String address;

        @Persistent
        private Date addedDate;

        /**
         * @param id
         * @param name
         * @param address
         */
        public MyData(String id, String name, String address) {
            super();
            this.id = id;
            this.name = name;
            this.address = address;
            this.addedDate = new Date();
        }

        /**
         * @return id
         */
        public String getId() {
            return this.id;
        }

        /**
         * @return name
         */
        public String getName() {
            return this.name;
        }

        /**
         * @return addedDate
         */
        public Date getAddedDate() {
            return this.addedDate;
        }

        /**
         * @param id
         */
        public void setId(String id) {
            this.id = id;
        }

        /**
         * @param name
         */
        public void setName(String name) {
            this.name = name;
        }

        /**
         * @param addedDate
         */
        public void setAddedDate(Date addedDate) {
            this.addedDate = addedDate;
        }
    }

And I tried to insert using:

    MyData user = new MyData("id001", "shana", "address");
    user = MyDataDAO.saveData(user);

It is saving in the table successfully, but I need to prevent SQL injection. Please help?

SQL injection occurs when you create queries by concatenating plain-text strings of SQL.

You don't need to worry if

  1. you're creating queries using prepared statements (which quote values under the hood, including untrusted ones), or
  2. you're using an ORM that creates queries by plugging object fields into a prepared statement, or that carefully escapes data values when serializing messages to the datastore.

The code above looks like it falls into category 2.
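As an added example (not code from the question or the answer above), the following shows where injection can still enter a JDO application even though makePersistent builds no query text: a JDOQL filter assembled by string concatenation. It contrasts that with the parameterized form, where the value is bound at execute time and never parsed as JDOQL, alongside the save path from the question. It assumes the MyData class above is on the classpath; the lookup class name, its method names and the persistence unit name "transactions-optional" (the App Engine default) are assumptions of this example.

```java
import java.util.List;

import javax.jdo.JDOHelper;
import javax.jdo.PersistenceManager;
import javax.jdo.PersistenceManagerFactory;
import javax.jdo.Query;

// Added example: concatenated vs. parameterized JDOQL filters for the MyData class.
// Assumes MyData (id, name, address, addedDate) from the question is on the classpath
// and a persistence unit named "transactions-optional" is configured in jdoconfig.xml.
public class MyDataLookup {

    private static final PersistenceManagerFactory PMF =
            JDOHelper.getPersistenceManagerFactory("transactions-optional");

    // UNSAFE: the caller-supplied value becomes part of the JDOQL text.
    // A name such as   x" || name == "shana   turns the filter into
    //   name == "x" || name == "shana"
    // so the attacker decides the query's structure, which is the same class
    // of bug as SQL injection.
    @SuppressWarnings("unchecked")
    public static List<MyData> findByNameUnsafe(String name) {
        PersistenceManager pm = PMF.getPersistenceManager();
        try {
            Query q = pm.newQuery(MyData.class);
            q.setFilter("name == \"" + name + "\"");   // string concatenation: do not do this
            return (List<MyData>) q.execute();
        } finally {
            pm.close();
        }
    }

    // SAFE: the filter refers to a declared parameter; the value is bound when
    // execute() is called and is compared as data, never parsed as JDOQL.
    @SuppressWarnings("unchecked")
    public static List<MyData> findByName(String name) {
        PersistenceManager pm = PMF.getPersistenceManager();
        try {
            Query q = pm.newQuery(MyData.class);
            q.setFilter("name == nameParam");
            q.declareParameters("String nameParam");
            return (List<MyData>) q.execute(name);
        } finally {
            pm.close();
        }
    }

    // Insertion, as in the question, builds no query text at all: the object is
    // serialized field by field, so there is nothing for an attacker to inject here.
    public static MyData save(MyData data) {
        PersistenceManager pm = PMF.getPersistenceManager();
        try {
            return pm.makePersistent(data);
        } finally {
            pm.close();
        }
    }
}
```

The check to apply to any JDO code base is therefore not the insert path but every setFilter, setOrdering and newQuery(String) call: if a value that came from a request is spliced into the string, it belongs in declareParameters and the execute(...) arguments instead.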

