

Fix V1_SQL Injection
Davide Avellone committed Jul 10, 2023
1 parent e4657a7 commit b0e6fe7
Showing 1 changed file with 10 additions and 2 deletions.
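--- a/src/com/notsecurebank/util/DBUtil.java
+++ b/src/com/notsecurebank/util/DBUtil.java
@@ -438,10 +438,18 @@ public static String addAccount(String username, String acctType) {
 LOG.debug("addAccount('" + username + "', '" + acctType + "')");
 
 try {
 
 Connection connection = getConnection();
-Statement statement = connection.createStatement();
-statement.execute("INSERT INTO ACCOUNTS (USERID,ACCOUNT_NAME,BALANCE) VALUES ('" + username + "','" + acctType + "', 0)");
+//Statement statement = connection.createStatement();
+//statement.execute("INSERT INTO ACCOUNTS (USERID,ACCOUNT_NAME,BALANCE) VALUES ('" + username + "','" + acctType + "', 0)");
+
+String query = "INSERT INTO ACCOUNTS (USERID,ACCOUNT_NAME,BALANCE) VALUES (?,?,0)";
+PreparedStatement preparedStatement = connection.prepareStatement(query);
+preparedStatement.setString(1, username);
+preparedStatement.setString(2, acctType);
+preparedStatement.executeQuery();
+return null;
+
 } catch (SQLException e) {
 LOG.error(e.toString());
 return e.toString();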
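Review bot: `preparedStatement.executeQuery()` is the wrong JDBC call for an INSERT — the JDBC contract requires executeQuery to produce a ResultSet, and most drivers reject a DML statement issued through it with an SQLException, which here would land in the catch block and be returned as an error string instead of creating the account; it should be `preparedStatement.executeUpdate();`. The PreparedStatement is also never closed (the Statement it replaces was not either), so while touching these lines it is worth wrapping it in try-with-resources; whether the Connection returned by getConnection() may be closed as well depends on its definition outside this hunk, so the sketch below leaves the connection alone. The two commented-out lines holding the old string-concatenated INSERT should be deleted rather than kept — they preserve the exact injection pattern the commit removes and are easy to un-comment later. addAccount's body continues outside the hunk.
```java
// … unchanged: LOG.debug(...) …
try {
    Connection connection = getConnection();
    String query = "INSERT INTO ACCOUNTS (USERID,ACCOUNT_NAME,BALANCE) VALUES (?,?,0)";
    // Close the statement when done; the connection's lifetime is owned by getConnection().
    try (PreparedStatement preparedStatement = connection.prepareStatement(query)) {
        preparedStatement.setString(1, username);
        preparedStatement.setString(2, acctType);
        preparedStatement.executeUpdate(); // INSERT yields an update count, not a ResultSet
    }
    return null;
} catch (SQLException e) {
    // … unchanged: error logging and return …
```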
