openjpa-users mailing list archives

From chintan4181 <chintan4...@gmail.com>
Subject JPA Parameterized query - SQL Injection
Date Wed, 25 May 2011 19:51:22 GMT
Hi, 

I am not sure whether this is the right forum, but I have one question on
parameterized queries. As per my knowledge, to prevent (or minimize) SQL
injection attacks we should use parameterized queries.

We are using JPA named queries which are parameterized. My question is,
since we are using parameterized queries, am I safe from SQL injection, or do I
need to define validation to escape special characters to prevent SQL
injection?

I have also read that most database vendors check escaping before
executing a query.

Can somebody help me to understand?

Thanks
chintan

--
View this message in context: http://openjpa.208410.n2.nabble.com/JPA-Parameterized-query-SQL-Injection-tp6404249p6404249.html
Sent from the OpenJPA Users mailing list archive at Nabble.com.
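
Added example (not part of the original message, and not OpenJPA project code): the parameterized named query the post describes, shown beside the concatenated form that stays injectable under JPA, plus the one case where validation is still needed because identifiers cannot be bound. The Customer entity, its fields, the query name and the class and method names are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.NamedQuery;

// Hypothetical entity for illustration; all names are assumptions.
@Entity
@NamedQuery(name = "Customer.findByLastName",
            query = "SELECT c FROM Customer c WHERE c.lastName = :lastName")
class Customer {
    @Id Long id;
    String lastName;
    String city;
}

public class CustomerQueries {
    // Sort fields a caller may request; anything else is rejected.
    private static final Set<String> SORTABLE = Set.of("lastName", "city");

    // Named query with a bound parameter: the input is supplied as a value
    // and is never spliced into the JPQL text.
    static List<Customer> findByLastName(EntityManager em, String lastName) {
        return em.createNamedQuery("Customer.findByLastName", Customer.class)
                 .setParameter("lastName", lastName)
                 .getResultList();
    }

    // Vulnerable form, shown for contrast: the input is concatenated into the
    // JPQL string and parsed as query syntax. Using JPA does not prevent this.
    static List<Customer> findByLastNameUnsafe(EntityManager em, String lastName) {
        return em.createQuery(
                "SELECT c FROM Customer c WHERE c.lastName = '" + lastName + "'",
                Customer.class).getResultList();
    }

    // A field name cannot be bound as a parameter, so a caller-chosen sort
    // field is checked against an allow-list before it reaches the query.
    static List<Customer> findByCitySorted(EntityManager em, String city, String sortField) {
        if (!SORTABLE.contains(sortField)) {
            throw new IllegalArgumentException("unsupported sort field");
        }
        return em.createQuery(
                "SELECT c FROM Customer c WHERE c.city = :city ORDER BY c." + sortField,
                Customer.class)
                 .setParameter("city", city)
                 .getResultList();
    }
}
```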
