
Thomas Jung (1)
#1
Hi,

I think that the source code examples Listing 7.8 "A bean that converts an incoming order to an SQL statement", Listing 9.1 "Using a bean to map from XML to SQL" and Listing 14.1 "A Java class that can update the inventory database" demonstrate SQL injection. Developers copying this code will at least have encoding problems in their applications.

Thomas
davsclaus (413)
#2
Re: Errata; SQL injection in sample code
Thanks for the suggestion.

We could add a TIP and refer to SQL injection at wikipedia: http://en.wikipedia.org/wiki/SQL_injection

Some applications are internal only and not exposed to malicious users, as opposed to applications exposed to the internet, which can be. In those cases a simple mapping can be sufficient.
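The pattern Thomas describes in #1 (a bean that turns an incoming order into a complete SQL statement by concatenating field values) can be shown failing, and the parameterized alternative shown holding, with a short runnable example. The following is an added example written for this thread; it is not code from Camel in Action or from the Camel project, and it uses Python with the standard sqlite3 module rather than the Java of the listings so it runs offline. The table name incoming_orders, its columns, the function names and the malicious part name are all constructed for illustration.

```python
"""Added example (not from Camel in Action or the Camel project): the
string-building approach the listings use, next to its parameterized form,
executed against an in-memory SQLite database so the injection is visible.
All table, column and function names are assumptions for illustration."""
import sqlite3

# Assumed schema for the order table the "order to SQL" bean writes to.
SCHEMA = ("CREATE TABLE incoming_orders "
          "(part_name TEXT, quantity INTEGER, customer TEXT)")


def new_db():
    """Fresh in-memory database with the assumed order table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def order_to_sql_unsafe(part_name, quantity, customer):
    """Mirrors the concatenation style: the bean returns one SQL string
    in which every field value is spliced in as SQL text."""
    return ("INSERT INTO incoming_orders (part_name, quantity, customer) "
            f"VALUES ('{part_name}', {quantity}, '{customer}')")


def order_to_sql_safe(part_name, quantity, customer):
    """Parameterized form: the statement is fixed text with placeholders,
    and the values are passed separately, so they are never parsed as SQL."""
    sql = ("INSERT INTO incoming_orders (part_name, quantity, customer) "
           "VALUES (?, ?, ?)")
    return sql, (part_name, int(quantity), customer)


def insert_unsafe(conn, part_name, quantity, customer):
    conn.execute(order_to_sql_unsafe(part_name, quantity, customer))
    conn.commit()


def insert_safe(conn, part_name, quantity, customer):
    sql, params = order_to_sql_safe(part_name, quantity, customer)
    conn.execute(sql, params)
    conn.commit()


def rows(conn):
    return conn.execute(
        "SELECT part_name, quantity, customer FROM incoming_orders "
        "ORDER BY rowid").fetchall()


# Constructed malicious part name: it closes the quoted string, completes the
# row, appends an attacker-chosen second row, and comments out the remainder
# of the statement that the bean appends after it.
PAYLOAD = "motor', 1, 'bob'), ('free motor', 999, 'mallory') --"


def demo_unsafe():
    """Concatenated statement: two rows land, one chosen by the attacker."""
    conn = new_db()
    insert_unsafe(conn, PAYLOAD, 2, "alice")
    return rows(conn)


def demo_safe():
    """Parameterized statement: exactly one row, with the payload stored
    verbatim as an ordinary part name."""
    conn = new_db()
    insert_safe(conn, PAYLOAD, 2, "alice")
    return rows(conn)


if __name__ == "__main__":
    print("concatenated:", demo_unsafe())
    print("parameterized:", demo_safe())
```

The concatenated version is still a single syntactically valid statement, which is why the database accepts it without complaint; the damage is in what the statement now says, not in any error. In the Camel setting the same separation applies: have the bean hand over the fixed statement plus the values (for example via message headers or a body the JDBC layer binds as parameters) rather than a finished SQL string.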