Could someone please point me to a good beginner guide on safely running SQL queries formed partly from user input? I'm using Java, but a language neutral guide is fine to
Normally, you shouldn't create a query by concatenating input, but use PreparedStatement instead.
That lets you specify in which places you'll be setting your parameters inside your query, so Java will take care of sanitizing all inputs for you.
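Added example (not code from the question or the answer above) showing the concatenated query beside its PreparedStatement replacement, written in Java since that is what the question asks about. It assumes a JDBC `Connection` obtained from whatever driver you use and a hypothetical `users` table with `username`, `email` and `created_at` columns; nothing here is tied to a particular database. Note that a `?` placeholder can only hold a value: the parameter is sent to the database separately from the query text, which is why it can never change the query's structure. Identifiers such as a column to sort by cannot be parameterised, so the example constrains those with an allow-list instead.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class UserLookup {

    // Vulnerable form: the user-supplied value is pasted into the SQL text, so any
    // quote or operator characters in it are parsed as SQL syntax, not as data.
    // Kept here only to show what the safe version replaces.
    static List<String> findEmailsUnsafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = '" + username + "'";
        List<String> emails = new ArrayList<>();
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                emails.add(rs.getString("email"));
            }
        }
        return emails;
    }

    // Safe form: the query text is fixed at compile time and contains a '?' marker.
    // setString() sends the value as a bound parameter, so the database never
    // re-parses it as part of the statement, whatever characters it contains.
    static List<String> findEmailsSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        List<String> emails = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    emails.add(rs.getString("email"));
                }
            }
        }
        return emails;
    }

    // Hypothetical allow-list of columns a caller may sort by. Column names are
    // identifiers, which JDBC parameters cannot express, so the only safe option is
    // to map the request onto a fixed set of known-good names.
    private static final Set<String> SORTABLE_COLUMNS = Set.of("username", "created_at");

    static List<String> listUsernamesSorted(Connection conn, String sortColumn, int limit)
            throws SQLException {
        if (!SORTABLE_COLUMNS.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        // sortColumn is now guaranteed to be one of our own literals, so it is safe
        // to place it in the query text; the LIMIT value is still bound as a parameter.
        String sql = "SELECT username FROM users ORDER BY " + sortColumn + " LIMIT ?";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, limit);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("username"));
                }
            }
        }
        return names;
    }
}
```

With `findEmailsSafe`, a username that happens to contain a quote character is simply looked up as that literal string and matches nothing, whereas in `findEmailsUnsafe` the same input alters the statement itself. The same discipline applies to every other place user input reaches SQL (INSERT and UPDATE values, IN lists, LIKE patterns); where the language allows it, keep all query text as constants and make the parameter the only thing that varies.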