@jearl4
Last active May 25, 2019 04:01
Using prepared statements to protect against SQLI
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

// Authenticate with a parameterised query. The user-supplied values are bound to the
// '?' placeholders by the JDBC driver and never become part of the SQL text, so input
// such as  ' OR '1'='1  cannot change the structure of the query.
// Resources are opened in try-with-resources so the connection goes back to the pool
// on every path (the original snippet never closed them).
boolean loggedIn = false;
String username = request.getParameter("username");
String password = request.getParameter("password");
String sqlAuthQuery = "select * from users where username = ? and password = ?";
try (Connection connection = pool.getConnection();
     PreparedStatement preparedStatement = connection.prepareStatement(sqlAuthQuery)) {
    preparedStatement.setString(1, username);   // bound as data, never as SQL
    preparedStatement.setString(2, password);
    try (ResultSet result = preparedStatement.executeQuery()) {
        if (result.next()) {
            loggedIn = true;
            // Successfully logged in
        } else {
            // Auth failure
        }
    }
}
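To show what the placeholders actually buy you, here is an added example that is not part of the gist. It is written in Python with the standard-library sqlite3 module rather than JDBC so it runs offline against an in-memory table, but the mechanism is the same: the gist's login query is built once by string concatenation and once with bound parameters, and both are run against two classic injection strings and a legitimate password containing an apostrophe. The users table, the row in it and the payloads are all constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table with one sample row (not from the gist)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_concat(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The mistake the gist avoids: user input spliced straight into the SQL text."""
    sql = ("select * from users where username = '" + username
           + "' and password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_prepared(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The gist's approach: '?' placeholders, values bound by the driver as data."""
    sql = "select * from users where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Two classic injection strings (constructed payloads).
TAUTOLOGY = "' OR '1'='1"    # as a password: ... and password = '' OR '1'='1'
COMMENT_OUT = "alice'--"     # as a username: closes the string, comments out the rest


def concat_breaks_on_apostrophe(conn: sqlite3.Connection) -> bool:
    """Concatenation also mishandles honest input: a quote in the password is a syntax error."""
    try:
        login_concat(conn, "alice", "it's")
    except sqlite3.OperationalError:
        return True
    return False


def demo() -> dict:
    """Run every case and return the login outcome of each."""
    conn = make_db()
    return {
        "concat_valid":      login_concat(conn, "alice", "correct horse battery staple"),
        "concat_tautology":  login_concat(conn, "anyone", TAUTOLOGY),   # bypass
        "concat_comment":    login_concat(conn, COMMENT_OUT, "wrong"),  # bypass
        "concat_apostrophe": concat_breaks_on_apostrophe(conn),         # query error
        "prep_valid":        login_prepared(conn, "alice", "correct horse battery staple"),
        "prep_tautology":    login_prepared(conn, "anyone", TAUTOLOGY),
        "prep_comment":      login_prepared(conn, COMMENT_OUT, "wrong"),
        "prep_apostrophe":   login_prepared(conn, "alice", "it's"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18} {outcome}")
```

With concatenation both payloads log in without knowing the password and a legitimate apostrophe breaks the query; with bound parameters the payloads are just unmatched strings and the apostrophe is an ordinary character. Parameter binding removes the injection only: the gist still compares the password in plaintext inside SQL, and a real login would store a salted hash and verify it in application code.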