I am using the following query in a Java class to connect to Oracle and get details from a table.
select * from mytable
where DOCTYPE = 'CDA'
and To_char(DATE '1970-01-01' + (STATEMENTENDDATE-1),'YYYY-MM-DD') between ? and ?
This is flagged as an SQL injection flaw in a Veracode scan.
I need to have To_char(DATE '1970-01-01' + (STATEMENTENDDATE-1),'YYYY-MM-DD') as the second parameter, as I am reading the epoch time in human-readable form.
How can I solve this problem?
I tried to pass the two parameters separately as Strings, but got the same issue.
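As an added example, not code from the original post: the query above run through a PreparedStatement so that the SQL text is a compile-time constant and both date bounds reach Oracle only as bind variables, plus a helper that inverts the DATE '1970-01-01' + (STATEMENTENDDATE-1) expression so the raw day count can be compared directly when the To_char wrapper is not wanted. It assumes an open JDBC Connection and that the two bounds arrive as YYYY-MM-DD strings; the table and column names are the ones from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.temporal.ChronoUnit;

public class StatementDateQuery {

    // The SQL text is a constant: caller input is never concatenated into it and
    // only reaches the database through the two bind placeholders.
    private static final String SQL =
        "select * from mytable "
      + "where DOCTYPE = 'CDA' "
      + "and To_char(DATE '1970-01-01' + (STATEMENTENDDATE-1),'YYYY-MM-DD') between ? and ?";

    // Equivalent filter on the stored day count (bind with setLong and
    // toStatementEndDate): same rows, and an index on the column stays usable.
    static final String SQL_NUMERIC =
        "select * from mytable where DOCTYPE = 'CDA' and STATEMENTENDDATE between ? and ?";

    private static final DateTimeFormatter ISO = DateTimeFormatter.ISO_LOCAL_DATE; // YYYY-MM-DD
    private static final LocalDate EPOCH = LocalDate.of(1970, 1, 1);

    /** Inverse of DATE '1970-01-01' + (STATEMENTENDDATE-1): 1-based days since the epoch. */
    static long toStatementEndDate(LocalDate d) {
        return ChronoUnit.DAYS.between(EPOCH, d) + 1;   // 1970-01-01 -> 1
    }

    /** Rejects anything that is not a real YYYY-MM-DD date before it is bound. */
    static LocalDate parseDate(String s) {
        try {
            return LocalDate.parse(s, ISO);
        } catch (DateTimeParseException e) {
            throw new IllegalArgumentException("expected YYYY-MM-DD, got: " + s, e);
        }
    }

    /** Runs the question's query with both bounds as bind variables; returns the row count. */
    static int countStatements(Connection con, String from, String to) throws SQLException {
        LocalDate f = parseDate(from), t = parseDate(to);
        int rows = 0;
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, f.format(ISO));   // bound, not spliced into the SQL string
            ps.setString(2, t.format(ISO));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) rows++;
            }
        }
        return rows;
    }
}
```

If the scanner still reports the statement, the finding is usually in the code that assembles the SQL string (for example a `+ userInput` somewhere before `prepareStatement`), not in the `?` placeholders themselves, so check that the string passed to `prepareStatement` is built only from literals.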