DannyArcher Posted July 7, 2016 Report Share Posted July 7, 2016 2 hours ago, fake_Bezawada said: oka manchi link padey bro naku pleaseeeee oka 1 week mee CBN,Balayya thread la joliki raanuย naku telusu , kani neku chepanu Quote Link to comment Share on other sites More sharing options...
loveindia Posted July 7, 2016 Report Share Posted July 7, 2016 aa concept ne prepared statement or something like that antaru kada man... most programming languages lo vadataaru... try google that name.. nenu Java expert ni kaadu but I know how in my team they do this, so telling... ย exact direction lo point cheyalenu but thats the term used with sql queries to avoid sql injection ... recently done same with Json... Quote Link to comment Share on other sites More sharing options...
SANANTONIO Posted July 7, 2016 Report Share Posted July 7, 2016 3 hours ago, fake_Bezawada said: oka manchi link padey bro naku pleaseeeee oka 1 week mee CBN,Balayya thread la joliki raanuย Quote Link to comment Share on other sites More sharing options...
SANANTONIO Posted July 7, 2016 Report Share Posted July 7, 2016 http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement Quote Link to comment Share on other sites More sharing options...
icecreamZ Posted July 7, 2016 Report Share Posted July 7, 2016 7 hours ago, fake_Bezawada said: ippudu web services lo json response vastundhi kadha ajax or some js nunchi andhulo SQL injection vunte ela validate chestaruย evarina baaga telisina vaalu vunte help me please are you taking about request? sql statment execute chese mundhu....input params ni validate cheyyi. or use prepared statements with param substitution. Quote Link to comment Share on other sites More sharing options...
RamanaReddy Posted July 7, 2016 Report Share Posted July 7, 2016 Basically sql injection should be taken care at server side.. client can be written n altered by anybody.. if you're writing client use encoding your sensitive data while posting your requests. If you're using spring framework, use spring data jpa over hibernate.. it has SQL injection prevention mechanism.. can't write much here .. providing some pointers..ย http://stackoverflow.com/questions/12400506/spring-data-crud-methods http://javabeat.net/spring-data-jpa-query/ for external links.. Quote Link to comment Share on other sites More sharing options...
TOM_BHAYYA Posted July 7, 2016 Report Share Posted July 7, 2016 29 minutes ago, icecreamZ said: are you taking about request? sql statment execute chese mundhu....input params ni validate cheyyi. or use prepared statements with param substitution. Sql injection ante any sample req post here plz Quote Link to comment Share on other sites More sharing options...
icecreamZ Posted July 7, 2016 Report Share Posted July 7, 2016 5 minutes ago, TOM_BHAYYA said: Sql injection ante any sample req post here plz sodhara test chesthunav ga form data to sql statements petti pampatam. http://www.w3schools.com/sql/sql_injection.asp ย Quote Link to comment Share on other sites More sharing options...
TOM_BHAYYA Posted July 7, 2016 Report Share Posted July 7, 2016 2 minutes ago, icecreamZ said: sodhara test chesthunav ga form data to sql statements petti pampatam. http://www.w3schools.com/sql/sql_injection.asp ย Kkย sql statements Aina .. Or just input parameters Aina.. Validate etla cheyali Ani a ts kochhen? Quote Link to comment Share on other sites More sharing options...
fake_Bezawada Posted July 7, 2016 Author Report Share Posted July 7, 2016 38 minutes ago, icecreamZ said: are you taking about request? sql statment execute chese mundhu....input params ni validate cheyyi. or use prepared statements with param substitution. Input param ni ela validate chestamย Suppose naku DTO form lo vastundi from js like {user:"babloo || delete from userdetails",password:"bumchik"} nenu rest vatchi @GET @PATH @Produces(MediaType.APPLICATION_JSON) ย public String doSomething(UserDTO udto); ila object mapping chestunanu ah udto ni persist cheaetapudu ee paricular param ni ela validate cheyyali Quote Link to comment Share on other sites More sharing options...
fake_Bezawada Posted July 7, 2016 Author Report Share Posted July 7, 2016 16 minutes ago, RamanaReddy said: Basically sql injection should be taken care at server side.. client can be written n altered by anybody.. if you're writing client use encoding your sensitive data while posting your requests. If you're using spring framework, use spring data jpa over hibernate.. it has SQL injection prevention mechanism.. can't write much here .. providing some pointers..ย http://stackoverflow.com/questions/12400506/spring-data-crud-methods http://javabeat.net/spring-data-jpa-query/ for external links.. Thank you for that broย Quote Link to comment Share on other sites More sharing options...
fake_Bezawada Posted July 7, 2016 Author Report Share Posted July 7, 2016 Na scenario cheppa kada ala object mapping lo response capture chesetapudu ela validate cheyyali Quote Link to comment Share on other sites More sharing options...
SeemaLekka Posted July 7, 2016 Report Share Posted July 7, 2016 Just now, fake_Bezawada said: Na scenario cheppa kada ala object mapping lo response capture chesetapudu ela validate cheyyali enni years exp undi? Quote Link to comment Share on other sites More sharing options...
fake_Bezawada Posted July 7, 2016 Author Report Share Posted July 7, 2016 Just now, SeemaLekka said: enni years exp undi? Vaddu le bhayyiah malli tidathav idi kooda raada ani Naku 4years exp india lo Quote Link to comment Share on other sites More sharing options...
SeemaLekka Posted July 7, 2016 Report Share Posted July 7, 2016 Just now, fake_Bezawada said: Vaddu le bhayyiah malli tidathav idi kooda raada ani Naku 4years exp india lo naku e thread lo matladedi edi teledu. exp endukante inka onsite chance raledannav ga andukani adiga Quote Link to comment Share on other sites More sharing options...
-1.thumb.png.613bdd33b4e8b5f69ac815bf90e62a8b.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.