SQL injection in BasePeer
ID: java-security/sql-injection-turbine
Language: Java
Severity: Warning
Category: Security
CWE: 89
Description
When issuing a SQL query with Turbine, do not build the query string manually, for example by concatenating input into it. Use the utility functions available with the library instead.
Non-Compliant Code Examples
class Foobar {
    public void test() {
        // Non-compliant: inputId is concatenated directly into the SQL string.
        List<Record> records = BasePeer.executeQuery( "select * from Customer where id=" + inputId );
    }
}
Compliant Code Examples
class Foobar {
    public void test() {
        // Compliant: the value is handed to Criteria instead of being spliced into the SQL text.
        Criteria c = new Criteria();
        c.add( CustomerPeer.ID, inputId );
        List<Customer> customers = CustomerPeer.doSelect( c );
    }
}
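A quick sweep for the non-compliant pattern above, as an added example (it is not part of the original page and is not how the Datadog rule is implemented). It flags `BasePeer.executeQuery` calls whose first argument is anything other than constant string literals; the function names and the third sample are assumptions made for illustration, and flagged calls still need manual review.

```python
import re

CALL = re.compile(r"\bBasePeer\s*\.\s*executeQuery\s*\(")
STRING = re.compile(r'"(?:[^"\\]|\\.)*"')               # one Java string literal
CONSTANT = re.compile(r"\s*\x00(?:\s*\+\s*\x00)*\s*")  # literal (+ literal)*

def first_argument(src, start):
    """Text of the first call argument; start is the index just after '('."""
    depth, in_str, i = 1, False, start
    while i < len(src):
        ch = src[i]
        if in_str:
            if ch == "\\":
                i += 1                   # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[start:i]
        elif ch == "," and depth == 1:
            return src[start:i]
        i += 1
    return src[start:]

def find_dynamic_queries(src):
    """Return (line, argument) for each executeQuery call built from non-literals.
    Limitation: Java comments are not stripped, so commented-out calls match too."""
    findings = []
    for m in CALL.finditer(src):
        arg = first_argument(src, m.end())
        # Replace each literal with NUL (never valid in an identifier), then
        # accept only "literal + literal + ..." as a constant query.
        if not CONSTANT.fullmatch(STRING.sub("\x00", arg)):
            findings.append((src.count("\n", 0, m.start()) + 1, arg.strip()))
    return findings

# Samples: the page's two snippets plus one constructed constant query.
NONCOMPLIANT = ('class Foobar {\n  public void test() {\n    List<Record> records = '
                'BasePeer.executeQuery( "select * from Customer where id=" + inputId );\n  }\n}')
COMPLIANT = ('class Foobar {\n  public void test() {\n    Criteria c = new Criteria();\n'
             '    c.add( CustomerPeer.ID, inputId );\n'
             '    List<Customer> customers = CustomerPeer.doSelect( c );\n  }\n}')
CONSTANT_QUERY = 'BasePeer.executeQuery("select count(*) " + "from Customer");'  # constructed
```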