Closed ScottWalkerAU closed 6 years ago
File: Management.Actions.GetOfferByID.java Line: 34 Issue: SQL Injection is possible with the `.where("id=" + id)` function call, sanitisation is required.

Suggested solution: Replace with `.where(HOTELS.ID.eq(UInteger.valueOf(id)))`
Followed the Suggested solution and updated the code accordingly.
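The two `where` forms above differ in whether the caller's value becomes part of the SQL text or stays a typed, bound value. The following is an added example, not code from this project or its Java/jOOQ code base: it reproduces the same contrast in Python over a constructed in-memory SQLite table (the `hotels` table, its rows and the function names are assumptions for illustration). The "safe" function mirrors `UInteger.valueOf(id)` by rejecting anything that is not an unsigned 32-bit integer before binding it as a parameter.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data (not the project's schema): a tiny hotels table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hotels (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO hotels VALUES (?, ?)",
        [(1, "Harbour View"), (2, "Hilltop Lodge"), (3, "Station Inn")],
    )
    return conn


def get_hotel_unsafe(conn, hotel_id):
    """Mirrors `.where("id=" + id)`: the caller's string is spliced into the SQL
    text, so any input that is not a bare number changes what the query means."""
    sql = "SELECT id, name FROM hotels WHERE id=" + hotel_id
    return conn.execute(sql).fetchall()


def parse_unsigned(hotel_id):
    """Mirrors UInteger.valueOf: accept only decimal digits in the unsigned
    32-bit range, otherwise raise ValueError (assumed equivalent of the Java
    NumberFormatException)."""
    if not re.fullmatch(r"[0-9]+", hotel_id):
        raise ValueError("id must be an unsigned integer")
    value = int(hotel_id)
    if value > 0xFFFFFFFF:
        raise ValueError("id out of range for an unsigned 32-bit integer")
    return value


def get_hotel_safe(conn, hotel_id):
    """Mirrors `.where(HOTELS.ID.eq(UInteger.valueOf(id)))`: the value is
    converted to a typed integer first and then bound as a parameter, so the
    database only ever sees it as a number, never as SQL text."""
    value = parse_unsigned(hotel_id)
    return conn.execute(
        "SELECT id, name FROM hotels WHERE id=?", (value,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Legitimate input behaves the same either way.
    print(get_hotel_unsafe(db, "2"))   # [(2, 'Hilltop Lodge')]
    print(get_hotel_safe(db, "2"))     # [(2, 'Hilltop Lodge')]
    # Constructed malformed input: the concatenated query widens to every row,
    # while the typed version refuses the value before any SQL is run.
    print(len(get_hotel_unsafe(db, "2 OR 1=1")))  # 3
    try:
        get_hotel_safe(db, "2 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

The fix in the issue relies on two properties that the safe function keeps together: the conversion to an unsigned integer type fails loudly on anything that is not a number, and the comparison is built from a typed column and a bound value rather than from concatenated text.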