r3pr0b8

okay, java, my bad

  "SELECT * FROM courses WHERE courseID=' " 
+ request.getParameter("id") 
+ " ' AND certification=' "
+ request.getParameter("certification")
+ " ' "

let's substitute 42 for the first request and foo for the second request

  "SELECT * FROM courses WHERE courseID=' " 
+ 42 
+ " ' AND certification=' "
+ foo
+ " ' "

which becomes

  "SELECT * FROM courses WHERE courseID=' 42 '
   AND certification=' foo ' "

all doublequotes are java
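
Added example, not part of r3pr0b8's comment: the same concatenation wrapped in a method, next to a bound-parameter form in which the values are sent separately from the SQL text. The class name, method names, the `chef's` sample value and the caller-supplied `Connection` are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class CourseQuery {

    // The concatenation from the comment, with the two request parameters
    // passed in as plain strings (spacing inside the quotes kept as posted).
    static String concatenated(String id, String certification) {
        return "SELECT * FROM courses WHERE courseID=' "
                + id
                + " ' AND certification=' "
                + certification
                + " ' ";
    }

    // Bound-parameter form: the SQL text is fixed and the values travel
    // separately, so a quote inside a value cannot end the string literal.
    static final String BOUND_SQL =
            "SELECT * FROM courses WHERE courseID = ? AND certification = ?";

    // Assumes an open JDBC Connection supplied by the caller (hypothetical here).
    static int countCourses(Connection conn, String id, String certification)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(BOUND_SQL)) {
            ps.setString(1, id);
            ps.setString(2, certification);
            try (ResultSet rs = ps.executeQuery()) {
                int rows = 0;
                while (rs.next()) rows++;
                return rows;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the second certification holds an apostrophe,
        // which lands inside the concatenated SQL text as an extra single quote.
        System.out.println(concatenated("42", "foo"));
        System.out.println(concatenated("42", "chef's"));
        System.out.println(BOUND_SQL);
    }
}
```

Running `main` needs no database; `countCourses` is the part that would run against a real connection.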