sql = select t1.col1,t2.col2 where t1.col1 = t2.col1;
sql = select table1.col1,table2.col2 from table1,table2 where table1.col1 = table2.col1;
where condition is
table 1 field. = table 2 field .
Fortify report it's SQL Injection issue.
But, in this kind of SQL query , we can't do PreparedStatement.setString to avoid SQL Injection problem.
But, is it really a SQL injection problem?
If it is.
How to write the SQL statement to pass the fortify issue ? (Any Sample Code?)