Re: Sql and java
Posted by: Filipe Silva
Date: July 21, 2014 11:27AM

Hi,

In athleteByID(int searchPhrase) implementation, what do you need 'searchPhrase' for?

The query condition "ID ==>1 AND ID <= 100000" won't work as "==>" isn't a valid MySQL operator. At most it should be "ID >= 1 AND ID <= 100000", but I guess you want to introduce here the value of 'searchPhrase', right?

Although not relevant for this case, I would recommend sanitizing the argument of the method expensesByCategory(String searchPhrase) before concatenating it to the SQL String. As it is, it will allow SQL injection.

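One way to apply the advice in the reply above, written as an added example rather than code from the original thread: the concatenated query beside a PreparedStatement version, plus an athleteByID that actually uses its argument and the corrected `>=` operator. The table names `expenses` and `athletes` and the `category` column are assumptions; the thread only shows the method names and the `ID` column.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class AthleteDao {
    private final Connection conn;

    public AthleteDao(Connection conn) {
        this.conn = conn;
    }

    // Vulnerable form, as described in the reply: the argument becomes part of
    // the SQL text, so any quote or operator in it is parsed as SQL by MySQL.
    // Callers must close the returned ResultSet's Statement.
    public ResultSet expensesByCategoryUnsafe(String searchPhrase) throws SQLException {
        // Table/column names are assumed for this example.
        String sql = "SELECT * FROM expenses WHERE category = '" + searchPhrase + "'";
        Statement st = conn.createStatement();
        return st.executeQuery(sql);
    }

    // Hardened form: the value is sent as a bound parameter, never as SQL text,
    // so it cannot change the query structure. No manual escaping needed.
    public ResultSet expensesByCategory(String searchPhrase) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
            "SELECT * FROM expenses WHERE category = ?");
        ps.setString(1, searchPhrase);
        return ps.executeQuery();
    }

    // athleteByID with the argument actually used; the 1..100000 range from the
    // original condition is enforced in Java, and the ID is bound, not concatenated.
    public ResultSet athleteByID(int searchPhrase) throws SQLException {
        if (searchPhrase < 1 || searchPhrase > 100000) {
            throw new IllegalArgumentException("ID out of range: " + searchPhrase);
        }
        PreparedStatement ps = conn.prepareStatement(
            "SELECT * FROM athletes WHERE ID = ?");
        ps.setInt(1, searchPhrase);
        return ps.executeQuery();
    }
}
```

An int parameter cannot carry injected SQL on its own, but binding it keeps the two methods consistent and leaves nothing to escape by hand.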