Avoid SQL Injection on NativeQueries

Avoid SQL Injection on NativeQueries

John Arevalo
Hi List,

I'm using DB2. To optimize query response time, I'm calling a procedure
which has 3 params. I want to avoid SQL injection using EclipseLink
methods.
Where can I find this? Or do you have suggestions to avoid SQL injection?

Best regards,

--
John Arévalo
GNU/Linux User #443701
http://counter.li.org/
_______________________________________________
eclipselink-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/eclipselink-users

Re: Avoid SQL Injection on NativeQueries

jamesssss
Not sure what you are referring to, perhaps more details.

In general binding is used by default in EclipseLink.  Parameters are defined by "?" in native queries.


Edilson-2 wrote
Hi List,

I'm using DB2. To optimize query response time, I'm calling a procedure
which has 3 params. I want to avoid SQL injection using EclipseLink
methods.
Where can I find this? Or do you have suggestions to avoid SQL injection?

Best regards,

--
John Arévalo
GNU/Linux User #443701
http://counter.li.org/
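
The reply above says native-query parameters are marked with "?" and bound by default. As an added example (not code from either poster or from the EclipseLink project), this contrasts a concatenated procedure call with the bound form for a three-parameter DB2 procedure. The procedure name `APP.FIND_ORDERS`, the class and method names, and the assumption that the procedure returns a single result set are all hypothetical.

```java
import jakarta.persistence.EntityManager; // javax.persistence on older EclipseLink releases
import jakarta.persistence.Query;
import java.util.List;

public class OrderLookup {

    // Hypothetical DB2 procedure with three IN parameters; "?" marks each bound value.
    private static final String CALL_SQL = "CALL APP.FIND_ORDERS(?, ?, ?)";

    private final EntityManager em;

    public OrderLookup(EntityManager em) {
        this.em = em;
    }

    // Injectable: caller-supplied strings become part of the SQL text itself,
    // so a quote character in customerId or status changes the statement.
    @SuppressWarnings("unchecked")
    public List<Object[]> findOrdersUnsafe(String customerId, String status, int maxRows) {
        String sql = "CALL APP.FIND_ORDERS('" + customerId + "', '" + status + "', " + maxRows + ")";
        return em.createNativeQuery(sql).getResultList();
    }

    // Bound: the SQL text is a constant and the values travel separately
    // as positional parameters (1-based), so they are never parsed as SQL.
    @SuppressWarnings("unchecked")
    public List<Object[]> findOrders(String customerId, String status, int maxRows) {
        Query q = em.createNativeQuery(CALL_SQL);
        q.setParameter(1, customerId);
        q.setParameter(2, status);
        q.setParameter(3, maxRows);
        return q.getResultList();
    }
}
```

Binding protects the `CALL` statement only: if the procedure body builds dynamic SQL from its arguments, those arguments must be bound inside the procedure as well.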