sql = select t1.col1,t2.col2 where t1.col1 = t2.col1;


sql = select table1.col1,table2.col2 from table1,table2 where table1.col1 = table2.col1;

where condition is

table 1 field. = table 2 field .

Fortify report it's SQL Injection issue.

But, in this kind of SQL query , we can't do PreparedStatement.setString to avoid SQL Injection problem.

But, is it really a SQL injection problem?

If it is.

How to write the SQL statement to pass the fortify issue ? (Any Sample Code?)