[thelist] JSF, JSP and SQL Injection

RUST Randal RRust at COVANSYS.com
Wed Jan 19 10:40:56 CST 2005

Our development team has told me that we don't need to validate user
input in our application because the values are all passed to prepared
statements. Because of this, SQL injection cannot occur.

I only work with PHP, where I validate everything.


Randal Rust
Covansys Corporation
Columbus, OH 
Confidentiality Statement:

This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by return email.

More information about the thelist mailing list