java避免使用orderby,使用Order By的准备好的语句来防止SQL注入Java java避免使用orderby

文章图片

I have a query with where conditions , order by and limit. I am using prepared statements to set the where conditions and limit. Currently i am using string append for order by which causing SQL injection vulnerability.
【java避免使用orderby,使用Order By的准备好的语句来防止SQL注入Java】I cannot use set string to order by like this order by ? ? SQL Order functionality not working if i do like this.
Example query:
SELECT siteid, technology, address, state, status FROM archive LEFT OUTER
JOIN mappings ON siteid = child_site_id order by siteid asc limit ? offset ?
SELECT siteid, technology, address, state, status FROM archive LEFT OUTER
JOIN mappings ON siteid = child_site_id order by siteid asc limit 10 offset 0
Any other way i can do this to avoid SQL injection.
解决方案
Do something like this and concatenate it:
List allowedSortableColumns = Arrays.asList(new String[]{"siteid", "technology", "address"})
if(! allowedSortableColumns.contains(sortByColumn)){
throw new RuntimeException("Cannot sort by: " + sortByColumn);
}
// Continue here and it's safe to concatenate sortByColumn...
You can do sanitization and other stuff, but this should work in your case

java避免使用orderby,使用Order By的准备好的语句来防止SQL注入Java

推荐阅读

镒怎么读镒的读音

人肉可以吃吗

清明节要做什么清明节要做什么呢

互助友爱造句互助友爱的造句

美疾控中心|美疾控中心承认新冠病毒可经气溶胶传播

佳能坏点检测佳能80d怎样测试坏点

安卓手机如何整理桌面图标,手机桌面如何整理?可参考以下方法

破壁机和绞肉机的区别

安卓系统什么查好坏,安卓4.0系统安全性能比2.3更稳定

blender建模入门教学，怎么用blender进行地形建模

如何拍摄“ 夜来风雨声,花落知多少”的意境？

韭菜种子怎么催芽快韭菜种子怎么催芽

平板|安卓平板又多一个强劲选手，三星Tab S8 Ultra跑分数据曝光

糖尿病|家族中女性糖尿病人多吗？那就来了解一种特殊类型的糖尿病

十年的飞天茅台现在什么价？

redis清除db0缓存，redis清除缓存命令行

描写海潮四字成语

吴德周|iPhone13登场后，被外媒撕下“遮羞布”，难怪苹果加量还降价

神灵寨五一门票神灵寨景区三八妇女节免门票活动

水团花根