How to prevent sql injection in JPA

Question

I am using below jpa code. How can we prevent below code from sql injections?

List<Document> docs= em.createQuery("SELECT c FROM Document c WHERE c.docId = :docId ", Document.class)
                .setParameter("docId", docId).getResultList();

http://www.adam-bien.com/roller/abien/entry/preventing_injection_in_jpa_query

It already is protected against SQL injection. Your code is using parameters. Why do you think it isn't protected? — Mark Rotteveel, Aug 05 '19 at 15:10
https://stackoverflow.com/questions/55058760/prevent-jpql-query-sql-injection — dimirsen Z, Aug 05 '19 at 16:17

score 1 · Answer 1 · answered Jun 08 '20 at 12:13

1

It already is protected against SQL injection. Your code is using parameters. Also if you want, you can use Criteria APIs to build the same query.

answered Jun 08 '20 at 12:13

Aniket Kalamkar

119
1
1
7

How to prevent sql injection in JPA

1 Answers1