Can I be a victim of an SQL injection attack if I use the value of a parameter as its name?
for(String tag : choixalerte.selectedNomExestingtags)
    where += " ach.NOM_ACHTEUR LIKE :"+tag+" or ao.OBJET LIKE :"+tag+" or lot.INTITULE LIKE :"+tag+ "";
...
Query native_query = entityManager.createNativeQuery(...);
if( choixalerte.selectedNomExestingtags != null )
    for(String tag : choixalerte.selectedNomExestingtags)
        native_query.setParameter(tag, "%"+tag+"%");
asked 1 min ago
SQL injection using the value of a parameter as its name
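Added example, not part of the original post: in the snippet above the tag text is concatenated into the SQL string as the parameter name, so the statement text depends on the tag before any value is bound. Assuming the tags are user-supplied, the sketch below keeps the SQL text independent of them by generating the parameter names from a counter and passing each tag only as a bound value. The class TagFilter and its members are hypothetical names.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example, not the asker's code. TagFilter and its members are hypothetical names.
public class TagFilter {
    // SQL fragment built only from constants and a counter, never from tag text.
    final String where;
    // Generated parameter name -> LIKE pattern to bind.
    final Map<String, String> bindings = new LinkedHashMap<>();

    TagFilter(List<String> tags) {
        List<String> clauses = new ArrayList<>();
        if (tags != null) {
            int i = 0;
            for (String tag : tags) {
                String name = "tag" + i++;            // name is independent of the tag value
                clauses.add("(ach.NOM_ACHTEUR LIKE :" + name
                        + " OR ao.OBJET LIKE :" + name
                        + " OR lot.INTITULE LIKE :" + name + ")");
                bindings.put(name, "%" + tag + "%");  // the value travels only as a bound parameter
            }
        }
        where = String.join(" OR ", clauses);
    }

    // True when there is nothing to filter on; the caller should then omit the fragment.
    boolean isEmpty() {
        return bindings.isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample tags; the second holds characters that are not valid
        // in a parameter name and would alter the SQL text if concatenated into it.
        TagFilter f = new TagFilter(List.of("travaux", "a b'c"));
        System.out.println(f.where);
        System.out.println(f.bindings);
        // Assumed JPA usage, mirroring the question (baseSql is a placeholder):
        //   Query q = entityManager.createNativeQuery(baseSql + " AND (" + f.where + ")");
        //   f.bindings.forEach((name, value) -> q.setParameter(name, value));
    }
}
```

A % or _ inside a tag still acts as a LIKE wildcard in the bound value; that changes what matches, not the structure of the statement.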