Closed ngwwm closed 6 years ago
yes - as long as you use PreparedStatements with question marks for your values. ie, use the JDBC API as intended, and don't substitute values into SQL yourself.
To expand on the previous comment, prevention is not built in directly to the library, however if used as described above you will be protected.
Is SQL Injection prevention built into this great package?