Re: postgresql.stat.result

Thanks are you aqare of any books on JSP-POSTGRES

Oliver Jowett wrote:

>Minal wrote:
>
>
>
>>sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
>>//sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES
>>('admin','"+username+"','"+password+"')";
>>   pStat=conn.prepareStatement(sql);
>>
>>
>
>On another topic, either you need to ensure that username/password are
>correctly escaped, or you should use '?' placeholders and use
>setString() to set them. Otherwise you have a SQL injection hole there.
>
>-O
>
>---------------------------(end of broadcast)---------------------------
>TIP 1: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly
>
>
>