📜  How to prevent SQL injection - Whatever code example

📅  Last modified: 2022-03-11 14:55:37.558000  🧑  Author: Mango

Code example 2
// This should REALLY be validated too
String custname = request.getParameter("customerName");
// Perform input validation to detect attacks
// The ? placeholder keeps the SQL text fixed; the value is supplied separately
String query = "SELECT account_balance FROM user_data WHERE user_name = ?";
PreparedStatement pstmt = connection.prepareStatement(query);
// Bind the request value as data for placeholder 1, never as part of the SQL
pstmt.setString(1, custname);
ResultSet results = pstmt.executeQuery();
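
The snippet's comments call for input validation but do not show it. The class below is an added example, not code from the original page: it puts an allow-list check in front of the same parameterized query and closes the JDBC resources. The class name `AccountLookup`, the name policy in `NAME`, and the numeric type of `account_balance` are assumptions.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.regex.Pattern;

public class AccountLookup {
    // Assumed policy: 1-64 letters, digits, spaces and the characters . ' -
    private static final Pattern NAME = Pattern.compile("[\\p{L}\\p{N} .'-]{1,64}");

    static boolean isValidCustomerName(String name) {
        return name != null && NAME.matcher(name).matches();
    }

    // The caller supplies an open Connection; account_balance is assumed numeric.
    static Optional<BigDecimal> findBalance(Connection connection, String custname)
            throws SQLException {
        // Validation narrows what reaches the database; it does not replace binding.
        if (!isValidCustomerName(custname)) {
            throw new IllegalArgumentException("customerName failed validation");
        }
        String query = "SELECT account_balance FROM user_data WHERE user_name = ?";
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement pstmt = connection.prepareStatement(query)) {
            // A legitimate name such as O'Brien is bound as data, so its
            // apostrophe cannot terminate a string literal in the SQL text.
            pstmt.setString(1, custname);
            try (ResultSet results = pstmt.executeQuery()) {
                return results.next()
                        ? Optional.ofNullable(results.getBigDecimal("account_balance"))
                        : Optional.empty();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two valid names, an empty string, and a
        // value containing characters outside the allow-list.
        String[] samples = {"O'Brien", "Anne-Marie", "", "name; with; separators"};
        for (String s : samples) {
            System.out.printf("%-26s valid=%b%n", "\"" + s + "\"", isValidCustomerName(s));
        }
    }
}
```

Running `main` needs no database and only exercises the validator; `findBalance` works with any JDBC driver whose schema matches the query above.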