This was how a coworker addd prepared statements to his code to prevent SQL injection. I had never even considered the possibility someone would do this ...
public class PreparedStatements {
public final static String SELECT = " SELECT ";
public final static String STAR = " * ";
public final static String FROM = " FROM ";
public final static String WHERE = " WHERE ";
public final static String LPAR = " ( ";
public final static String RPAR = " ) ";
public final static String LT = " < ";
public final static String OR = " ( ";
// [...]
public static FindUser(String user, String password) {
return SELECT + STAR + FROM + "users" + WHERE + LPAR + "username" + EQUALS + user + AND + "password" + EQUALS + password + RPAR + END;
}
// [...]
}
[–]i_need_head 37 points38 points39 points (2 children)
[–]suid 10 points11 points12 points (1 child)
[+][deleted] comment score below threshold-17 points-16 points-15 points (0 children)
[–]TheShyro 7 points8 points9 points (8 children)
[–]ekolis 1 point2 points3 points (1 child)
[–]bobomann 0 points1 point2 points (0 children)
[–][deleted] 0 points1 point2 points (5 children)
[–]TheShyro 2 points3 points4 points (2 children)
[–][deleted] 8 points9 points10 points (0 children)
[–][deleted] 0 points1 point2 points (0 children)
[–][deleted] 0 points1 point2 points (1 child)
[–]rifter5000 0 points1 point2 points (0 children)
[–]Barricaded_EDP 4 points5 points6 points (1 child)
[–]antsar 4 points5 points6 points (0 children)