
sql = select t1.col1,t2.col2 where t1.col1 = t2.col1;

Hi,


sql = select table1.col1,table2.col2 from table1,table2 where table1.col1 = table2.col1;

The where condition is:

table 1 field = table 2 field.

Fortify reports it as a SQL Injection issue.

But in this kind of SQL query, we can't use PreparedStatement.setString to avoid the SQL Injection problem.


But is it really a SQL injection problem?

If it is, how should the SQL statement be written to pass the Fortify issue? (Any sample code?)


Thanks.
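
An added example, not part of the original post: Java code for the two cases the question leaves open, a join whose text is a constant (nothing to bind, so no setString call is needed) and a join whose table or column names arrive in variables, which are checked against an allow-list because placeholders cannot bind identifiers. The second case is an assumption the post does not confirm, and the class name, helper names and allow-list contents are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;
public class JoinQueryExample {
    // Case 1: the whole statement is a compile-time constant. There is nothing to
    // bind, so no setString call is needed; prepareStatement still works.
    private static final String STATIC_JOIN =
        "SELECT table1.col1, table2.col2 FROM table1, table2 "
      + "WHERE table1.col1 = table2.col1";

    // Case 2 (assumption): identifiers arrive in variables. Placeholders cannot
    // stand in for table or column names, so each name is checked against a fixed
    // allow-list before it is placed in the SQL text.
    private static final Set<String> TABLES = Set.of("table1", "table2");
    private static final Set<String> COLUMNS = Set.of("col1", "col2");

    static String ident(Set<String> allowed, String name) {
        if (name == null || !allowed.contains(name)) {
            throw new IllegalArgumentException("identifier not allowed: " + name);
        }
        return name;
    }

    static String buildJoin(String left, String right, String joinCol) {
        String l = ident(TABLES, left), r = ident(TABLES, right), c = ident(COLUMNS, joinCol);
        return "SELECT " + l + ".col1, " + r + ".col2 FROM " + l + ", " + r
             + " WHERE " + l + "." + c + " = " + r + "." + c;
    }
    // Runs either query; the caller supplies the JDBC connection.
    static int countRows(Connection conn, String sql) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            int n = 0;
            while (rs.next()) n++;
            return n;
        }
    }
    public static void main(String[] args) {
        // Constructed inputs; no database is needed for this part.
        System.out.println(buildJoin("table1", "table2", "col1").equals(STATIC_JOIN));
        try {
            buildJoin("table1", "table2; DROP TABLE table1", "col1");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Values compared against a column (for example a `WHERE table1.col1 = ?` filter) still belong in placeholders; the allow-list is only for names that SQL does not let you bind.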
