How to avoid “Security - A prepared statement is generated from a nonconstant String” FindBugs Warning

Front-end | Unresolved | 7 answers | 2912 views
灰色年华 2021-02-19 21:39

I am working on a project that has a piece of code like the one below:

String sql = "SELECT MAX(" + columnName + ") FROM " + tableName;
PreparedStatement ps = connection.prepareStatement(sql);

7 answers
  •  北恋 (original poster)
     2021-02-19 22:14

    StringBuilder sql = new StringBuilder();
    sql.append("SELECT MAX(")
       .append(columnName)
       .append(") FROM ")
       .append(tableName);
    
    // prepareStatement takes a String, not a StringBuilder, so convert it first
    PreparedStatement ps = connection.prepareStatement(sql.toString());
    ps.execute();
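An added example (not code from the question or the answer above) showing the usual way to handle this case: table and column names cannot be bound as `?` parameters, so they are validated against an allow-list before being concatenated, which makes the SQL string trusted by construction. The `MaxColumnQuery` class and the two allow-lists are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

public final class MaxColumnQuery {

    // Hypothetical allow-lists of identifiers this code may query.
    // They come from the application's own schema knowledge, never from user input.
    private static final Set<String> ALLOWED_TABLES = Set.of("orders", "customers");
    private static final Set<String> ALLOWED_COLUMNS = Set.of("id", "created_at", "amount");

    private MaxColumnQuery() {}

    /** Rejects any identifier that is not on the allow-list. */
    static String requireAllowed(String identifier, Set<String> allowed) {
        if (identifier == null || !allowed.contains(identifier)) {
            throw new IllegalArgumentException("identifier not permitted: " + identifier);
        }
        return identifier;
    }

    /** Builds the SQL only from validated identifiers; the text is then fully under our control. */
    static String buildSql(String columnName, String tableName) {
        String column = requireAllowed(columnName, ALLOWED_COLUMNS);
        String table = requireAllowed(tableName, ALLOWED_TABLES);
        return "SELECT MAX(" + column + ") FROM " + table;
    }

    /** Runs the query; any filter values would be bound with setXxx(...), never concatenated. */
    static Object selectMax(Connection connection, String columnName, String tableName)
            throws SQLException {
        String sql = buildSql(columnName, tableName);
        try (PreparedStatement ps = connection.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            return rs.next() ? rs.getObject(1) : null;
        }
    }
}
```

FindBugs still sees a non-constant string here, so once the allow-list check is in place the remaining warning can be documented with `@SuppressFBWarnings` (pattern `SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING`) carrying a justification, rather than silenced blindly.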
    
