[jboss-svn-commits] JBL Code SVN: r21927 - labs/jbosslabs/labs-3.0-build/integration/cs-nukes-login/src/main/java/org/jboss/labs/clearspace.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Wed Aug 27 04:41:32 EDT 2008
Author: szimano
Date: 2008-08-27 04:41:32 -0400 (Wed, 27 Aug 2008)
New Revision: 21927
Modified:
labs/jbosslabs/labs-3.0-build/integration/cs-nukes-login/src/main/java/org/jboss/labs/clearspace/LabsAuthenticationProvider.java
Log:
sql injection prevented
Modified: labs/jbosslabs/labs-3.0-build/integration/cs-nukes-login/src/main/java/org/jboss/labs/clearspace/LabsAuthenticationProvider.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/integration/cs-nukes-login/src/main/java/org/jboss/labs/clearspace/LabsAuthenticationProvider.java 2008-08-27 08:15:11 UTC (rev 21926)
+++ labs/jbosslabs/labs-3.0-build/integration/cs-nukes-login/src/main/java/org/jboss/labs/clearspace/LabsAuthenticationProvider.java 2008-08-27 08:41:32 UTC (rev 21927)
@@ -4,6 +4,7 @@
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.DriverManager;
+import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
@@ -64,9 +65,14 @@
try {
c = getConnection();
- ResultSet rs = c.createStatement().executeQuery(
- "SELECT * FROM nuke_users WHERE pn_uname='" + username
- + "';");
+
+ String sqlQuery = "SELECT * FROM nuke_users WHERE pn_uname = ?";
+
+ PreparedStatement prepStmt = c.prepareStatement(sqlQuery);
+ prepStmt.setString(1, username);
+
+ ResultSet rs = prepStmt.executeQuery();
+
if (rs.next()) {
LabsUser nukeUser = new LabsUser(rs);
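Review bot: The new `prepStmt` and its `rs` are never closed in the visible lines of this hunk, so every username lookup can leave a statement and cursor open until the connection itself is released. The enclosing `try` starts and ends outside the hunk, so a `finally` may already cover this; if it does not, declare `PreparedStatement prepStmt = null;` before the `try` and call `prepStmt.close();` in the `finally`, which also closes `rs`. The bound parameter via `prepStmt.setString(1, username)` is the right fix for this query. Only this one lookup is visible here, so it is worth confirming that no other query in `LabsAuthenticationProvider` still concatenates request-derived values into SQL.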