Using prepared statements to protect against SQLI
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

// Assumed to be in scope: an HttpServletRequest `request` and a DataSource `pool`.
String username = request.getParameter("username");
String password = request.getParameter("password");
// Placeholders instead of string concatenation: the statement's structure is fixed
// before any user input is supplied, so the input can only ever be compared as data.
String sqlAuthQuery = "select * from users where username = ? and password = ?";
boolean loggedIn = false;
try (Connection connection = pool.getConnection();
     PreparedStatement preparedStatement = connection.prepareStatement(sqlAuthQuery)) {
    preparedStatement.setString(1, username);
    preparedStatement.setString(2, password);
    try (ResultSet result = preparedStatement.executeQuery()) {
        if (result.next()) {
            loggedIn = true;
            // Successfully logged in
        } else {
            // Auth failure
        }
    }
}
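The same login check re-created in Python against an in-memory SQLite database, as an added example that is not part of the gist: it puts the concatenated query the gist avoids beside the parameterised one, and shows that a legitimate apostrophe in a username breaks the former while the latter handles it. The table contents and the `make_db` helper are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite database standing in for the
# application's connection pool. The password column is plaintext only to
# mirror the gist; real systems store and compare a password hash.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.executemany("insert into users values (?, ?)",
                     [("alice", "s3cret"), ("o'brien", "hunter2")])
    conn.commit()
    return conn

def login_concatenated(conn, username, password):
    """The pattern the gist avoids: user input spliced into the SQL text.
    Any quote character in the input changes the statement's structure."""
    sql = ("select * from users where username = '" + username +
           "' and password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_prepared(conn, username, password):
    """The gist's approach: placeholders, with the values bound separately.
    The database parses the statement before it sees the input, so the
    input is only ever compared as data, never interpreted as SQL."""
    sql = "select * from users where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def demo():
    conn = make_db()
    results = {}
    results["prepared_ok"] = login_prepared(conn, "alice", "s3cret")
    results["prepared_wrong_pw"] = login_prepared(conn, "alice", "nope")
    # A legitimate apostrophe: the parameterised query copes, while the
    # concatenated one is no longer valid SQL and the driver rejects it.
    results["prepared_quote"] = login_prepared(conn, "o'brien", "hunter2")
    try:
        login_concatenated(conn, "o'brien", "hunter2")
        results["concat_quote"] = "ok"
    except sqlite3.OperationalError:
        results["concat_quote"] = "syntax error"
    return results
```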