
Java Database Connectivity (JDBC)


SQL Injection attack with 10g

435170 Jan 11 2005 — edited Jan 11 2005
I've noticed that when you write SQL statements to execute over JDBC with Oracle 10g, you're not supposed to include the typical ending semicolon. For example, you're supposed to just write:

"SELECT * FROM MYTABLE"


I was wondering if one reason for this is to cut down on SQL Injection attacks like those mentioned here:
http://www.tek-tips.com/viewthread.cfm?qid=940825&page=1

(I was trying to attack my Java web app, but I can't see how to do the same ones mentioned there because they require doubling up statements separated by semicolons).
Post Details
Locked on Feb 8 2005
Added on Jan 11 2005
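
An added example, not part of the original post: it uses Python's built-in sqlite3 driver as a stand-in for Oracle JDBC (an assumption, chosen because it also refuses two statements in one call) to show that a one-statement limit still leaves a concatenated query open to manipulation inside that single statement, while a bind parameter closes it. The table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO mytable VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concat(db, name):
    # Vulnerable form: the input becomes part of the SQL text itself.
    sql = "SELECT secret FROM mytable WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    # Hardened form: the input travels as a bind value and is never parsed as SQL.
    sql = "SELECT secret FROM mytable WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def stacked_rejected(db, name):
    # True when the driver refuses input that appends a second statement.
    # Older Python versions raise sqlite3.Warning, newer ones ProgrammingError.
    try:
        lookup_concat(db, name)
        return False
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True

if __name__ == "__main__":
    db = make_db()
    stacked = "x'; DELETE FROM mytable; --"   # constructed input, two statements
    single = "x' OR '1'='1"                   # constructed input, one statement
    print("stacked input rejected:", stacked_rejected(db, stacked))
    print("concatenated, single statement:", lookup_concat(db, single))
    print("bound, same input:", lookup_bound(db, single))
```

In JDBC the bound form corresponds to a `PreparedStatement` with a `?` placeholder filled through `setString`.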