Ways to prevent SQL Injection Attack & XSS in Java Web Application

囚心锁ツ 2021-02-07 22:27

I'm writing a Java class which would be invoked by a servlet filter and which checks for injection attack attempts and XSS for a Java web application based on Struts. The Injec

6 answers
  •  -上瘾入骨i
    2021-02-07 22:58

    Based on your questions I am assuming you are attempting to filter bad values. I personally feel that this method can get very complex very quickly and would recommend encoding values as an alternate method. Here is an IBM article on the subject that lays out the pros and cons of both methods: http://www.ibm.com/developerworks/tivoli/library/s-csscript/.

    To avoid SQL injection attacks just use prepared statements instead of creating SQL strings.
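
Added example, not part of the answer above or of any code posted in the thread: the two recommendations (a prepared statement for SQL, encoding at output time for HTML) written against plain JDBC. The `users` table, its columns, the class name and the sample input are assumptions made for illustration, and the small encoder only covers HTML element content and quoted attribute values.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class InputHandlingExample {

    // Hypothetical table and column names, chosen for this example.
    private static final String FIND_USER =
            "SELECT id, display_name FROM users WHERE last_name = ?";

    // The value is bound as data, so quotes in it never become SQL syntax.
    static String findDisplayName(Connection conn, String lastName) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(FIND_USER)) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("display_name") : null;
            }
        }
    }

    // Minimal HTML encoder for element content and quoted attribute values.
    static String encodeForHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a legitimate name that a quote-rejecting filter would block.
        String input = "O'Brien <b>";
        // String concatenation lets the quote change the statement's structure:
        System.out.println("SELECT id FROM users WHERE last_name = '" + input + "'");
        // Encoded at output time, the same value renders as text:
        System.out.println("<td>" + encodeForHtml(input) + "</td>");
    }
}
```

`main` runs without a database: it prints the concatenated statement for comparison and the encoded table cell, while `findDisplayName` needs a live `Connection`.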
