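/**
 * Helpers for running parameterised SQL through JDBC so that caller-supplied
 * values are bound as statement parameters instead of being concatenated into
 * the query text.
 */
public class SQLInjectionPrevention {

    /**
     * Prepares {@code sql} on {@code conn} and binds {@code params} positionally.
     * JDBC placeholders are 1-based, so {@code params[i]} is bound to placeholder
     * {@code i + 1}.
     *
     * <p>Binding is what prevents injection: the values never become part of the
     * SQL text. That protection only holds while {@code sql} itself is a fixed,
     * trusted string; callers must not assemble it from user input.
     *
     * @param conn   open connection the statement is prepared on
     * @param sql    query text containing one {@code ?} per element of {@code params}
     * @param params values to bind, in placeholder order; may be empty
     * @return the prepared statement with every parameter bound; the caller owns it
     *         and is responsible for closing it
     * @throws SQLException if preparing the statement or binding a parameter fails;
     *                      a partially built statement is closed before the
     *                      exception propagates, so nothing leaks on failure
     */
    public static PreparedStatement createSafeStatement(Connection conn,
            String sql, Object... params) throws SQLException {
        PreparedStatement stmt = conn.prepareStatement(sql);
        try {
            for (int i = 0; i < params.length; i++) {
                stmt.setObject(i + 1, params[i]);
            }
        } catch (SQLException | RuntimeException e) {
            // The statement was already allocated by the driver; release it
            // rather than leaking it when binding fails part-way through.
            try {
                stmt.close();
            } catch (SQLException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
        return stmt;
    }

    /**
     * Example of safe use: looks up a user by name with the name bound as a
     * parameter, never spliced into the query string.
     *
     * @param conn     open connection to query on
     * @param username value matched against the {@code username} column
     * @return the first matching user, or {@code null} if no row matched
     * @throws SQLException if the query fails or a column cannot be read
     */
    public User findUser(Connection conn, String username) throws SQLException {
        String sql = "SELECT * FROM users WHERE username = ?";
        // Both the statement and its result set are closed on every exit path.
        try (PreparedStatement stmt = createSafeStatement(conn, sql, username);
             ResultSet rs = stmt.executeQuery()) {
            if (!rs.next()) {
                return null; // absent user is signalled by null; callers must check
            }
            return new User(
                rs.getLong("id"),
                rs.getString("username"),
                rs.getString("email"));
        }
    }
}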