0

when I run SonarQube testing tool on my android project, it gives Sql Injection Error, I used below query in my code, how can I solve this problem, and get rid of this SonarQube error?

            String url = "jdbc:jtds:sqlserver://" + ip + ":" + port + ";databaseName=" + databaseName + ";user=" + username + ";password=" + password + "";

            String driver = "net.sourceforge.jtds.jdbc.Driver";

            Logger.writeLog("IssQrCodeGenerator url: " + url);

            String selectQuery = "SELECT * FROM dbo.ticket WHERE dbo.ticket.code LIKE '%" + guid + "%'";

            Logger.writeLog("IssQrCodeGenerator SELECT QUERY: " + selectQuery);

            // Establish the connection.
            Class.forName(driver);
            //DriverManager.setLoginTimeout(1);
            Connection con = DriverManager.getConnection(url);
            Statement stmt = con.createStatement();
            //stmt.setQueryTimeout(1);

            int affectedRowCount = stmt.executeUpdate(sql);
            ResultSet resultSet = stmt.executeQuery(selectQuery);
Diego
  • 937
  • 8
  • 24

0 Answers0