

Consider the following two methods of performing a SQL query that incorporates user-supplied input:


// method 1: escape single quotes by doubling them, then build the SQL text by string concatenation
String artist = request.getParameter("artist").replaceAll("'", "''");
String genre = request.getParameter("genre").replaceAll("'", "''");
String album = request.getParameter("album").replaceAll("'", "''");
Statement s = connection.createStatement();
ResultSet rs = s.executeQuery("SELECT * FROM music WHERE artist = '" + artist + "' AND genre = '" + genre + "' AND album = '" + album + "'");


// method 2: artist is concatenated into the SQL text unchanged; genre and album are bound as parameters
String artist = request.getParameter("artist");
String genre = request.getParameter("genre");
String album = request.getParameter("album");
PreparedStatement s = connection.prepareStatement("SELECT * FROM music WHERE artist = '" + artist + "' AND genre = ? AND album = ?");
s.setString(1, genre);
s.setString(2, album);
ResultSet rs = s.executeQuery();


Which of these methods is more secure, and why?

Nov 19, 2021
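The following is an added worked example, not part of the question above or of any textbook solution. It re-creates the two methods against an in-memory SQLite database (Python's sqlite3 standing in for JDBC), feeds each one an honest artist name that contains an apostrophe and a boolean-injection payload, and, going one step beyond the question, adds a third form in which all three values are bound as parameters. The table layout, the sample rows, and the payload string are all constructed for this example; the payload is chosen so that the trailing `?` placeholders survive and the bindings still line up.

```python
import sqlite3

# Constructed sample data for this example (not from the original question).
SAMPLE_ROWS = [
    ("Sinéad O'Connor", "pop", "I Do Not Want What I Haven't Got"),
    ("Miles Davis", "jazz", "Kind of Blue"),
    ("Miles Davis", "jazz", "Bitches Brew"),
    ("Portishead", "trip hop", "Dummy"),
]

# Boolean-injection payload for the artist field. It closes the quoted
# literal, ORs in a tautology, and reopens a literal so the rest of the
# query (including any ? placeholders) still parses.
PAYLOAD = "x' OR 1=1 OR artist = '"


def make_db():
    """In-memory SQLite database with the 'music' table the question refers to."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE music (artist TEXT, genre TEXT, album TEXT)")
    conn.executemany("INSERT INTO music VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def run(conn, sql, params=()):
    """Execute a query and return its rows, or None if the SQL itself is malformed."""
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.Error:
        return None


def escape_quotes(value):
    """The replaceAll("'", "''") step from method 1."""
    return value.replace("'", "''")


def method1_escape(conn, artist, genre, album):
    """Method 1: double every single quote, then concatenate all three values."""
    sql = ("SELECT * FROM music WHERE artist = '" + escape_quotes(artist) + "'"
           " AND genre = '" + escape_quotes(genre) + "'"
           " AND album = '" + escape_quotes(album) + "'")
    return run(conn, sql)


def method2_mixed(conn, artist, genre, album):
    """Method 2: artist concatenated as-is, genre and album bound as parameters."""
    sql = ("SELECT * FROM music WHERE artist = '" + artist + "'"
           " AND genre = ? AND album = ?")
    return run(conn, sql, (genre, album))


def method3_parameterized(conn, artist, genre, album):
    """Fully parameterized form: the SQL text never changes with the input."""
    sql = "SELECT * FROM music WHERE artist = ? AND genre = ? AND album = ?"
    return run(conn, sql, (artist, genre, album))


def demo():
    """Run each method on an honest request and on a hostile one."""
    conn = make_db()
    honest = ("Sinéad O'Connor", "pop", "I Do Not Want What I Haven't Got")
    hostile = (PAYLOAD, "jazz", "Kind of Blue")
    return {
        "m1_honest": method1_escape(conn, *honest),
        "m1_hostile": method1_escape(conn, *hostile),
        "m2_honest": method2_mixed(conn, *honest),
        "m2_hostile": method2_mixed(conn, *hostile),
        "m3_honest": method3_parameterized(conn, *honest),
        "m3_hostile": method3_parameterized(conn, *hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Running `demo()` shows the contrast directly: method 2 returns every row in the table for the hostile artist value, because the payload rewrites the WHERE clause before the two bound parameters are ever applied, and it fails outright on the honest name, because the unescaped apostrophe breaks the SQL syntax. Method 1 and the fully parameterized form each return exactly the one matching row for the honest request and nothing for the payload. Two caveats a reviewer would still raise against method 1: doubling quotes only covers values placed inside single-quoted string literals (a numeric column concatenated without quotes gets no protection at all), and it depends on the database's own literal syntax, so on MySQL with default settings a backslash before the quote is itself an escape character and can undo the doubling. Bound parameters avoid both problems because the value is never parsed as SQL.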