Comments on: Check to Make Sure My New Record Doesn’t Already Exist http://kerryosborne.oracle-guy.com/2009/07/check-to-make-sure-my-new-record-doesnt-already-exist/ Just another Oracle blog Mon, 06 Feb 2012 21:28:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: osborne http://kerryosborne.oracle-guy.com/2009/07/check-to-make-sure-my-new-record-doesnt-already-exist/#comment-3429 osborne Wed, 15 Jul 2009 12:57:49 +0000 http://kerryosborne.oracle-guy.com/?p=1622#comment-3429 Actually this is a straight java app without anything like hibernate between the app and the database. So they should be able to tell if a statement succeeded or not. I wouldn't be surprised if they were vulnerable to SQL injection though as they do a lot of dynamic SQL. Kerry Actually this is a straight java app without anything like hibernate between the app and the database. So they should be able to tell if a statement succeeded or not. I wouldn’t be surprised if they were vulnerable to SQL injection though as they do a lot of dynamic SQL.

Kerry

]]> By: HF http://kerryosborne.oracle-guy.com/2009/07/check-to-make-sure-my-new-record-doesnt-already-exist/#comment-3417 HF Wed, 15 Jul 2009 07:11:19 +0000 http://kerryosborne.oracle-guy.com/?p=1622#comment-3417 I've worked on a couple of apps where the app has had no graceful way to handle a sql-error. Usually these apps are aimed at non-technical users who don't want to see a tech message. So to avoid it the developer does the above. With the use of the literal I wonder if it has been accepted from a front end gui? I also wonder if you could try a '; DROP TABLE XYZ_BLAH;' as the data entry value.... I’ve worked on a couple of apps where the app has had no graceful way to handle a sql-error. Usually these apps are aimed at non-technical users who don’t want to see a tech message. So to avoid it the developer does the above. With the use of the literal I wonder if it has been accepted from a front end gui? I also wonder if you could try a ‘; DROP TABLE XYZ_BLAH;’ as the data entry value….

]]>