Ad

Lib To Protect SQL/javascript Injection For Java/jsp

Anyone know a good lib where i can run the strings before they are inserted, that can strip out sql/javascript code? To be run in jsp pages.

Idealy the lib would be:

  • Free
  • Lightweight
  • Easy to use

Thanks in advance to the SO community who will happily reply :)

Ad

Answer

Apache Commons lang StringEscapeUtils will get you some of the way. It escapes, doesnt strip.

http://commons.apache.org/lang/api/org/apache/commons/lang/StringEscapeUtils.html

Edit: Escaping can save you from injection attacks because it makes sure that the data the user has entered is not executed as code, but always presented as data to the user.

Ad
source: stackoverflow.com
Ad