rewriteBatchedStatements / SQL injection
Posted by: Martin Ley
Date: March 05, 2018 03:10AM

We are using a Google CloudSQL MySQL instance with the MySQL Connector/J and Spring Data on top.

We notice some performance issues when inserting large amounts of data. Setting rewriteBatchedStatements=true improves performance dramatically. But the documentation says:

> Notice that this has the potential for SQL injection if using plain java.sql.Statements and your code doesn't sanitize input correctly.

What does that mean exactly? Can you give an example of how such an SQL injection could be accomplished and prevented?
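Added example, not part of the original post and not code from Connector/J: a plain `java.sql.Statement` batch built by string concatenation beside the `PreparedStatement` form that keeps values as bound parameters. With `rewriteBatchedStatements=true`, Connector/J can send the entries of a plain `Statement` batch together as one multi-statement request, so SQL text built from unsanitized input is what the documentation warning is about. The class name, the `person` table and the sample values are assumptions made for the illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;

// Added illustration; class, table and column names are hypothetical.
public class BatchInsertExample {

    // Pattern to avoid: the value becomes part of the SQL text itself.
    static String concatenatedSql(String name) {
        return "INSERT INTO person (name) VALUES ('" + name + "')";
    }

    // Plain Statement batch: every entry is whatever text the caller built.
    static void insertWithPlainStatement(Connection con, List<String> names) throws SQLException {
        try (Statement st = con.createStatement()) {
            for (String name : names) {
                st.addBatch(concatenatedSql(name));
            }
            st.executeBatch();
        }
    }

    // Hardened form: fixed SQL text, values bound as parameters.
    static void insertWithPreparedStatement(Connection con, List<String> names) throws SQLException {
        String sql = "INSERT INTO person (name) VALUES (?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            for (String name : names) {
                ps.setString(1, name);
                ps.addBatch();
            }
            ps.executeBatch();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input: the last value closes the quote and appends a statement.
        List<String> names = List.of("Alice", "O'Brien", "x'); DELETE FROM person; -- ");
        // Offline part: print the SQL text a plain Statement batch would carry.
        names.forEach(n -> System.out.println(concatenatedSql(n)));
        // Optional: args = JDBC URL (e.g. with rewriteBatchedStatements=true), user, password.
        if (args.length == 3) {
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
                insertWithPreparedStatement(con, names);
            }
        }
    }
}
```

Run without arguments, it only prints the concatenated SQL text, which shows the second and third values altering the statement; the prepared form stores the same three strings as data.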

