Skip to content
Permalink
Browse files Browse the repository at this point in the history
sql injection fix.
  • Loading branch information
karsany committed Jun 28, 2018
1 parent b0673c1 commit 52eca4a
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java
Expand Up @@ -197,13 +197,13 @@ private OraclePackage getAllStandaloneProcedureAndFunction() {
}

private List<OraclePackage> getAllRealOraclePackage(OBridgeConfiguration c) {
String query = "select object_name from user_objects where object_type = 'PACKAGE' and object_name like '" + c.getPackagesLike() + "'";
String query = "select object_name from user_objects where object_type = 'PACKAGE' and object_name like ?";
return jdbcTemplate.query(query, (resultSet, i) -> {
OraclePackage p = new OraclePackage();
p.setName(resultSet.getString("object_name"));
p.setProcedureList(getAllProcedure(resultSet.getString("object_name"), ""));
return p;
});
}, c.getPackagesLike());
}

}

0 comments on commit 52eca4a

Please sign in to comment.