openjpa-users mailing list archives

From chintan4181
Subject JPA Parameterized query - SQL Injection
Date Wed, 25 May 2011 19:51:22 GMT

I am not sure whether this is the right forum, but I have one question on
parameterized queries. As per my knowledge, to prevent (or minimize) SQL
injection attacks we should use parameterized queries.

We are using JPA named queries which are parameterized. My question is:
since we are using parameterized queries, am I safe from SQL injection, or do I
need to define validation to escape special characters to prevent SQL

I have also read that most database vendors check escaping before
executing a query.

Can somebody help me to understand?


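As an added example (not part of the original post and not OpenJPA project code), the Java below puts a parameterized JPA named query beside a JPQL string built by concatenation, the case where using JPA alone gives no protection. The entity `Customer`, its `name` field, the query name `Customer.findByName` and the class `CustomerLookup` are hypothetical, and a JPA 2.0 provider with a configured persistence unit is assumed to supply the `EntityManager`.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.NamedQuery;

// Hypothetical entity used only for this example.
@Entity
@NamedQuery(name = "Customer.findByName",
            query = "SELECT c FROM Customer c WHERE c.name = :name")
class Customer {
    @Id
    private long id;
    private String name;

    protected Customer() { }           // no-arg constructor required by JPA

    public String getName() { return name; }
}

public class CustomerLookup {
    private final EntityManager em;

    public CustomerLookup(EntityManager em) {
        this.em = em;
    }

    // Parameterized: the JPQL text is fixed in the @NamedQuery annotation and
    // the user-supplied value is handed over separately with setParameter.
    // Quotes or other special characters in userInput stay data, so no manual
    // escaping is needed for this query.
    public List<Customer> findByNameBound(String userInput) {
        return em.createNamedQuery("Customer.findByName", Customer.class)
                 .setParameter("name", userInput)
                 .getResultList();
    }

    // Pattern to avoid: the input is pasted into the JPQL text itself, so a
    // quote character in userInput can change the structure of the query.
    // Going through JPA does not help here; only binding does.
    public List<Customer> findByNameConcatenated(String userInput) {
        return em.createQuery(
                "SELECT c FROM Customer c WHERE c.name = '" + userInput + "'",
                Customer.class).getResultList();
    }
}
```

The same distinction applies to native queries created with `createNativeQuery`: bind values with `setParameter` rather than building the SQL string from input.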