db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clemens Fuchslocher <clfui...@fht-esslingen.de>
Subject Criteria and SQL Injection
Date Fri, 30 Apr 2004 15:56:20 GMT
Hello,

Should I worry about SQL Injections when I am using a Criteria object
in the following way?

-=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-=
public List example (String input) throws TorqueException
{
    Criteria criteria = new Criteria ();
    criteria.add (ExamplePeer.PKEY, (Object) input, Criteria.EQUAL);
    return ExamplePeer.doSelect (criteria);
}
-=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-= -=-=

Is the Criteria object escaping the input string for me?
-- 

---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
For additional commands, e-mail: torque-user-help@db.apache.org


Mime
View raw message