[thelist] JSF, JSP and SQL Injection

RUST Randal RRust at COVANSYS.com
Wed Jan 19 10:59:14 CST 2005


Jay Blanchard wrote:

> Why can't SQL injection occur in a prepared statement? Are 
> they validating the data at that level? That sounds awfully
> specious to me.

My suspicion is that they are not validating at all, and just letting
everything pass through.

----------
Randal Rust
Covansys Corporation
Columbus, OH