Is JDBC safe?

Question

Is JDBC safe?

I am new to JDBC and the new project requires me to use JDBC. I want to know,

is jdbc safe?

How to prevent the problem with the "Mysql Injection" problem?

What security issues should I look for when using JDBC?

And how do I ensure, I mean security optimization, to prevent hackers from hacking the database?

EDIT:

I tried google if i google:

"Php mysql security problems" => gives a lot of results

if i google:

"Jdbc mysql security problems" => hard to see related pages

Does this mean that using jdbc is safe? No need to worry about being hacked?

+3

java security database jdbc

kanayaki Aug 18 '09 at 3:07

6

JDBC?

JDBC - JDBC. , SSL, , SSL-. , .

"Mysql Injection"?

SQL- JDBC, , "" , SQL. :

String query = "SELECT * FROM SOME_TABLE WHERE X = '" + someString + "' ;";

someString unescaped '' ', , SQL, . , someString, - '' '( ), , escape- SQL.

( / ) ?? setString(...) ..

JDBC?

, JDBC. JDBC.

, , ?

/ .
.
/.

+10

Stephen C 18 . '09 3:28

JDBC - , , .

JDBC. , SQL . , , .

+5

ZZ Coder 18 . '09 3:15

JDBC - .

, , - .

JDBC SQL . SQL-, , , odbc jdbc.

SQL- - ?? . SQL- ( , , ).

+2

James Anderson 18 . '09 3:20

: " org.apache.commons.lang.StringEscapeUtils.escapeSql(java.lang.String str)", sql-.

SQL- .

+2

Winston Chen 18 . '09 4:56

, , - DB acceess api.

0

ZeroCool 18 . '09 5:08

Emil H · Accepted Answer · 2009-08-18T03:13:23+0000

. , :

PreparedStatement stmt = conn.prepareStatement("SELECT * FROM member WHERE member_username = ? AND member_password = ?");
stmt.setString(1, username);
stmt.setString(2, password);
stmt.execute();

ResultSet rs = stmt.getResultSet();
// ...

SQL Injection.

Is JDBC safe?

More articles: