How can SQL Injection be prevented when executing queries using JDBC?

  • Using Prepared Statements and Parameterized Queries
  • Using a plain SQL query string with user inputs
  • Escaping special characters manually in SQL queries
  • Using the executeUpdate() method instead of executeQuery()

SQL injection is prevented in Java when executing JDBC queries by using prepared statements and parameterized queries (option 1). The SQL text is fixed in advance with placeholders, and user input is bound to those placeholders afterwards, so the input is always handled as data and never as executable SQL. Options 2 and 3 are not secure: building a plain query string from user input, or escaping special characters by hand, still leaves the application vulnerable to injection. Option 4 is incorrect: the choice between executeUpdate() and executeQuery() only determines whether a result set is returned, and has nothing to do with preventing SQL injection.