struts-user mailing list archives

From Paul Benedict <>
Subject Re: Struts 1.3 : Preventing SQL Injection (form.field validation)
Date Sat, 23 Mar 2013 04:58:34 GMT
If you use JDBC prepared statements, you will not have to worry about SQL


On Fri, Mar 22, 2013 at 6:36 PM, J.V. <> wrote:

> Does anyone out there have a method I could use to pass a form field
> variable that would check for all known SQL injection vulnerabilities (with
> regards to the form field only, irrespective of the method of SQL
> execution) and return a true/false if it passes the test?
> I have about 100+ forms ( 500+ fields) to validate for SQL injection
> vulnerabilities and was thinking of creating an class and
> putting the validate method there and calling that in each of the
> classes validate() method.
> I thought initially it would be better to move everything over to use
> Apache commons validator, create a global rule and simply apply the global
> rule to every form field but it may be better to take this approach.
> Any thoughts on the approach or a validator class to pattern match the
> field would be helpful (if you have had such a case in the past).
> thanks
> J.V.

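The contrast between the two approaches in this thread, as an added example that is not part of the original messages: a per-field pattern check next to a concatenated query and a parameter-bound query. It uses Python's `sqlite3` with `?` placeholders as a runnable stand-in for a JDBC `PreparedStatement` with `setString`; the table, column names, pattern and sample values are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, last_name TEXT)")
    conn.executemany("INSERT INTO users (last_name) VALUES (?)",
                     [("Smith",), ("O'Brien",), ("Jones",)])
    return conn


# Hypothetical per-field rule of the kind the question proposes.
SUSPICIOUS = re.compile(r"('|--|;|\b(or|and|union|select|drop)\b)", re.IGNORECASE)


def field_looks_safe(value):
    """Return True when the field contains none of the listed patterns."""
    return SUSPICIOUS.search(value) is None


def find_concatenated(conn, last_name):
    # The 'before' form: field text is pasted into the statement,
    # so the SQL parser treats quotes and keywords in it as syntax.
    sql = ("SELECT last_name FROM users WHERE last_name = '"
           + last_name + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def find_bound(conn, last_name):
    # The statement text is fixed; the field value is bound as data only.
    sql = "SELECT last_name FROM users WHERE last_name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (last_name,))]


if __name__ == "__main__":
    conn = make_db()
    for value in ["Smith", "O'Brien", "x' OR '1'='1"]:
        print(repr(value),
              "| filter accepts:", field_looks_safe(value),
              "| bound query returns:", find_bound(conn, value))
    # Concatenation turns the same field into query logic and matches every row.
    print("concatenated:", find_concatenated(conn, "x' OR '1'='1"))
```

The pattern check rejects the legitimate surname `O'Brien`, while the bound query returns it correctly and returns nothing for the quoted test string.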