I am working on a project that has a piece of code like the one below:
String sql = "SELECT MAX(" + columnName + ") FROM " + tableName;
PreparedStatement ps = connection.prepareStatement(sql);
Is there any way that I can change this code so that FindBugs stops giving me a
"Security - A prepared statement is generated from a nonconstant String" warning?
Please assume that this code is safe regarding SQL injection since I can control elsewhere in the code the possible
values for "tableName" and "columnName" (they do not come directly from user input).
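
An added example, not part of the original question: table and column names cannot be bound as `?` parameters, so one way to keep the concatenation defensible is to check both identifiers against a fixed allowlist in the same method that builds the statement text. The class name `MaxQuery`, the `ALLOWED` map and its table and column names are hypothetical, and `Map.of`/`Set.of` assume Java 9 or later; the code does not by itself change what FindBugs reports.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;
import java.util.Set;

public final class MaxQuery {
    // Hypothetical schema allowlist: table name -> columns that may be aggregated.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
            "orders", Set.of("id", "total"),
            "invoices", Set.of("id", "amount"));

    private MaxQuery() {}

    /** Builds the statement text only from identifiers present in the allowlist. */
    static String buildMaxQuery(String tableName, String columnName) {
        // Map.of/Set.of reject null lookups with an exception, so guard nulls first.
        Set<String> columns = (tableName == null) ? null : ALLOWED.get(tableName);
        if (columns == null || columnName == null || !columns.contains(columnName)) {
            throw new IllegalArgumentException("identifier not in allowlist");
        }
        // Exact-match check passed: both strings are known schema identifiers,
        // so concatenating them cannot introduce new SQL syntax.
        return "SELECT MAX(" + columnName + ") FROM " + tableName;
    }

    /** Prepares the statement; the validation lives next to the concatenation. */
    static PreparedStatement prepareMax(Connection connection, String tableName,
                                        String columnName) throws SQLException {
        return connection.prepareStatement(buildMaxQuery(tableName, columnName));
    }

    public static void main(String[] args) {
        // Constructed inputs: one allowlisted pair and one pair that is rejected.
        System.out.println(buildMaxQuery("orders", "total"));
        try {
            buildMaxQuery("orders", "unknown_column");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Keeping the check in `buildMaxQuery` means a reviewer can confirm the identifiers are constrained without tracing where `tableName` and `columnName` come from elsewhere in the code.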