
All times are UTC - 5 hours [ DST ]



Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
 Post subject: securing hibernate like queries against SQL injection
PostPosted: Thu Jun 13, 2013 2:54 pm 
Newbie

Joined: Thu Jun 13, 2013 2:47 pm
Posts: 1
Hello Everyone!
I have the following question:
// I have the current HQL query
// (the user-supplied nameSequence is concatenated straight into the HQL string)
String preparedQuery = "from Author as author where author.name like '%" + nameSequence + "%'";
Query q = currentSession.createQuery(preparedQuery);

My question is the following: how can this query be rewritten so as to ensure protection against SQL injection? I tried to do it in the same manner as for the queries which use equality (i.e. =); however, the query then returned no results. Can anyone suggest other alternatives? Thanks in advance,
Feri


 Post subject: Re: securing hibernate like queries against SQL injection
PostPosted: Sat Jul 27, 2013 3:19 am 
Newbie

Joined: Sat Jul 27, 2013 1:47 am
Posts: 5
Use Named queries.

That will help prevent SQL injection.

Like this,
Query q = currentSession.createQuery("from Author as author where author.name like :nameSequence");
// the LIKE wildcards belong in the bound value, not in the query string
q.setParameter("nameSequence", "%" + nameSequence + "%");
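Added example (not code from either poster; it assumes the Hibernate 4 Session/Query API, the Author entity from the question, and '!' as an arbitrarily chosen LIKE escape character): the parameterised form from the reply, extended so that the '%' wildcards are added to the bound value rather than the query string, and so that a '%' or '_' typed by the user is matched literally instead of being interpreted as a wildcard.

```java
import java.util.List;
import org.hibernate.Query;
import org.hibernate.Session;

public class AuthorSearch {

    // LIKE treats '%' and '_' in the pattern as wildcards even when the pattern is
    // bound as a parameter. Escaping them keeps user input from widening the match.
    // '!' is the escape character declared in the HQL below (assumed choice).
    static String escapeLike(String userInput) {
        return userInput
                .replace("!", "!!")   // escape the escape character itself first
                .replace("%", "!%")
                .replace("_", "!_");
    }

    // "Contains" search over Author.name. The query text contains no user data:
    // only the bound value changes, so the HQL cannot be altered by the input.
    @SuppressWarnings("unchecked")
    static List<Author> findByNameContaining(Session session, String nameSequence) {
        String hql = "from Author as author "
                   + "where author.name like :pattern escape '!'";
        Query q = session.createQuery(hql);
        q.setParameter("pattern", "%" + escapeLike(nameSequence) + "%");
        return q.list();
    }
}
```

With this, a search for the literal string 50% binds the value %50!%% and matches only names containing "50%", whereas binding the raw input would match any name containing "50".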
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.