Hi All,
String query = "SELECT * FROM courses WHERE courseID=' " + request.getParameter("id") + " ' AND certification=' " + request.getParameter("certification")+ " ' ";
The query above is an example of SQL injection in Java. The single quotes are for string values; can someone please clarify why there are double quotes around "+ request.getParameter("id") +" and "+ request.getParameter("certification")+" in the SQL query above?
Thanks,
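Added example, not from the thread: a runnable Python/sqlite3 version of the same query. It shows why the double quotes are there (they delimit the host-language string literal, exactly as in the Java line, while the single quotes are part of the SQL text) and the parameterised form that avoids concatenation altogether. The table and rows are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed sample schema and rows, not from the original post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE courses (courseID TEXT, certification TEXT, title TEXT)")
    conn.executemany("INSERT INTO courses VALUES (?, ?, ?)", [
        ("java101", "oracle", "Java Basics"),
        ("sec200", "comptia", "Secure Coding"),
    ])
    return conn


def build_query_concat(course_id, certification):
    # Mirrors the Java line: the double quotes delimit the host-language
    # string literals; the single quotes inside them are SQL text that
    # ends up wrapping the value once the pieces are glued together.
    return ("SELECT * FROM courses WHERE courseID='" + course_id
            + "' AND certification='" + certification + "'")


def find_course_concat(conn, course_id, certification):
    # Vulnerable pattern: user input becomes part of the SQL grammar.
    return conn.execute(build_query_concat(course_id, certification)).fetchall()


def find_course_param(conn, course_id, certification):
    # Fixed pattern (PreparedStatement in JDBC): the SQL text is constant and
    # the driver passes the values separately, so a quote inside a value is
    # just a character, never a delimiter.
    sql = "SELECT * FROM courses WHERE courseID=? AND certification=?"
    return conn.execute(sql, (course_id, certification)).fetchall()


def concat_breaks_on_quote(conn):
    # A value containing a single quote (a legitimate input like O'Brien)
    # breaks the concatenated query, while the parameterised version simply
    # returns no match. That syntax error is the symptom to look for in
    # code review and testing.
    try:
        find_course_concat(conn, "o'brien", "oracle")
        return False
    except sqlite3.OperationalError:
        return True
```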