Is JDBC secure?

Question

I am new to JDBC, and the new project require me to use JDBC. What I want to know is,

is the JDBC secure?

How to prevent \"Mysql Injection\"-like problem?<

Answer 1

JDBC is purely the transport between your program and the database.

It is reasonably secure in as much as the sign on protocol is not vulnerable to network sniffing, and, it is very, very difficult to inject anything into the network traffic.

However JDBC merely transports your SQL to the database and returns the resulting dataset. If your program is vulerable to SQL injection it will be vulnerable whether you are using a direct connection, odbc or jdbc.

The only way to really protect yourself against sql injection is to use prepared statements with "?" type place holders for user input. Never string together SQL statements using unsecure input (this includes both direct user input, and data from a table that was input by a user).