📜  How to prevent SQL injection in Java - SQL code example

📅  Last modified: 2022-03-11 15:05:22.935000    🧑  Author: Mango

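Code example 2
import java.sql.PreparedStatement;
import java.sql.ResultSet;

// Fragment: assumes request (the servlet request) and connection (an open java.sql.Connection) are in scope
// This should REALLY be validated too
String custname = request.getParameter("customerName");
// Perform input validation to detect attacks
// The ? placeholder binds custname as data, so it is never parsed as part of the SQL text
String query = "SELECT account_balance FROM user_data WHERE user_name = ?";
PreparedStatement pstmt = connection.prepareStatement(query);
pstmt.setString(1, custname);
ResultSet results = pstmt.executeQuery();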
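
The snippet's comments call for input validation but do not show it. The following is an added example, not part of the original page, that puts an allow-list check in front of the same parameterized query and closes the JDBC resources. The class name, method names and the user-name pattern are assumptions; the table and column names are the ones used above.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.regex.Pattern;

public class CustomerBalanceLookup {
    // Assumed policy: 1-64 letters, digits, '.', '_' or '-'; adjust to the real user_name rules.
    private static final Pattern USER_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    // Allow-list check: reject anything outside the expected shape rather than stripping characters.
    static boolean isValidCustomerName(String name) {
        return name != null && USER_NAME.matcher(name).matches();
    }

    // Validates first, then binds the value; the SQL text itself stays a constant.
    static Optional<String> accountBalance(Connection connection, String custname) throws SQLException {
        if (!isValidCustomerName(custname)) {
            throw new IllegalArgumentException("customerName failed validation");
        }
        String query = "SELECT account_balance FROM user_data WHERE user_name = ?";
        try (PreparedStatement pstmt = connection.prepareStatement(query)) {
            pstmt.setString(1, custname);
            try (ResultSet results = pstmt.executeQuery()) {
                // getString is used because the column type is not given on the page.
                return results.next() ? Optional.ofNullable(results.getString(1)) : Optional.empty();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; no database is needed to exercise the validator.
        String[] samples = { "alice", "bob.smith-01", "", "x' OR '1'='1", "a; DROP TABLE user_data" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + (isValidCustomerName(s) ? "accepted" : "rejected"));
        }
    }
}
```

Validation here is a second layer: the bound parameter is what keeps the input out of the SQL grammar, and the allow-list rejects malformed values before they reach the database.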