Fixed test for password

mayhew64
2016-11-16 16:18:22 -05:00
parent 29447a11b4
commit f091e21c60
2 changed files with 5 additions and 5 deletions

@ -1,6 +1,8 @@
== Immutable Queries
=== Static queries?
These are the best defense against SQL Injection. They either do not have data that could get interpreted or the treat the data as a single entity that is bound to a column without interpretation.
=== Static Queries
-------------------------------------------------------
select * from products;
-------------------------------------------------------
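Review bot: The introductory sentence in this hunk has a typo: "or the treat the data as a single entity" should read "or they treat the data as a single entity". While touching that sentence, consider naming the mechanism it describes (a value bound to a column as a parameter), since "without interpretation" alone does not tell the reader what to do in code.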
@ -10,7 +12,6 @@ select * from users where user = "'" + session.getAttribute("UserID") + "'";
-------------------------------------------------------
=== Parameterized Queries
-------------------------------------------------------
String query = "SELECT * FROM users WHERE last_name = ?";
PreparedStatement statement = connection.prepareStatement(query);
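Review bot: The context line in this hunk's header, select * from users where user = "'" + session.getAttribute("UserID") + "'";, builds its SQL by string concatenation even though it sits in the lesson on immutable queries. If it is meant to be safe because the value comes from the server-side session rather than from the request, say so next to the example and note that it stops being safe once UserID can be set from request data; otherwise rewrite it with a ? placeholder like the "SELECT * FROM users WHERE last_name = ?" example in this hunk.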
@ -19,5 +20,4 @@ ResultSet results = statement.executeQuery();
-------------------------------------------------------
=== Stored Procedures
Only if stored procedure does not generate dynamic SQL
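Review bot: The Stored Procedures section consists of a sentence fragment, "Only if stored procedure does not generate dynamic SQL", with no subject and no example, unlike the two sections before it. Suggest a full sentence stating that stored procedures are safe only when they do not generate dynamic SQL, followed by a short listing in the same delimited-block style as the other sections.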