
How to escape strings in java to avoid sql injection?

Question asked by monujatt in #Java #Programming on Aug 6, 2012
monujatt · Aug 6, 2012
Rank D2 - MASTER

hi techies,

Can anybody tell me how to escape strings in java to avoid sql injection?

Like, for the input string "abc", I want the output string as \"abc\".

sookie · Aug 10, 2012
Rank C1 - EXPERT
If I am not wrong, you are talking about the value of the String, and the value of the String is abc, not "abc". If you are using queries in your program, just try using single quotes instead of double quotes for escaping strings.
monujatt · Aug 10, 2012
Rank D2 - MASTER
I am already using single quotes for strings concatenated within the database query. I want an ESCAPED string for the database query, e.g.
"UPDATE tableName SET fieldName='abc' " + stringValue + "WHERE id=1"
I want this stringValue to be escaped.
Ignore any syntax errors in the update query. 😀
Divisha Madupalli · Jan 12, 2020
Rank C1 - EXPERT

The only way to prevent SQL injection is with parameterized SQL. Use parameters for all input, updates, and where clauses. Dynamic SQL is simply an open door for hackers, and that includes dynamic SQL in stored procedures.

Try using PREPARED statements. They will be helpful.
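A worked version of the UPDATE from the question, added here as an example and not code posted by anyone in this thread. It assumes a JDBC Connection `conn` and a table `tableName(id, fieldName)`; the point is that with a PreparedStatement the value is bound, never spliced into the SQL text, so no escaping routine is needed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class SafeUpdate {

    // Vulnerable form (kept only for contrast): the value becomes part of the
    // SQL text, so a value containing a single quote changes the statement
    // itself instead of being stored as data.
    static String unsafeSql(String stringValue) {
        return "UPDATE tableName SET fieldName='" + stringValue + "' WHERE id=1";
    }

    // Safe form: the SQL text is fixed at compile time and each '?' is a
    // placeholder. The driver sends the value separately, so quotes,
    // semicolons or comment markers inside it stay plain data.
    static int updateField(Connection conn, String stringValue, int id) throws SQLException {
        String sql = "UPDATE tableName SET fieldName = ? WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, stringValue); // bound parameter, no escaping needed
            ps.setInt(2, id);
            return ps.executeUpdate();    // number of rows updated
        }
    }
}
```

Only values can be bound this way; table and column names cannot be parameters, so if those must vary, validate them against a fixed allow-list rather than concatenating user input.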
