SQL Injection Mitigation (5)

Try it! Writing safe code

The code below is incomplete. Complete it so that it is no longer vulnerable to SQL injection. Use the classes and methods you have learned before.

The code has to retrieve the status of the user based on the user's name and mail address. Both the name and the mail address are strings.

Solution

💡 First establish a connection, after that you can create a statement.

The fields must contain the following words to validate the lesson: getConnection, PreparedStatement, prepareStatement, ?, ?, setString, setString.
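
One way the completed lookup can look, as an added example that is not the lesson's own code. The JDBC URL and credentials, the in-memory HSQLDB driver on the classpath, the `users(name, mail, status)` schema and the sample row are all assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class UserStatusLookup {
    // Assumed connection settings (in-memory HSQLDB); not taken from the lesson.
    private static final String DB_URL = "jdbc:hsqldb:mem:example";
    private static final String DB_USER = "sa";
    private static final String DB_PASSWORD = "";

    /** Returns the status of the matching user, or null when no row matches. */
    static String findStatus(Connection conn, String name, String mail) throws SQLException {
        // Both user-supplied values are bound as parameters, never concatenated.
        String sql = "SELECT status FROM users WHERE name = ? AND mail = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, mail);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("status") : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD)) {
            // Constructed sample data; the statements contain no user input.
            try (Statement setup = conn.createStatement()) {
                setup.execute("CREATE TABLE users (name VARCHAR(64), "
                        + "mail VARCHAR(128), status VARCHAR(16))");
                setup.execute("INSERT INTO users VALUES "
                        + "('alice', 'alice@example.com', 'active')");
            }
            // A legitimate lookup returns the stored status.
            System.out.println(findStatus(conn, "alice", "alice@example.com"));
            // A quote-bearing value is compared as literal data, so no row matches.
            System.out.println(findStatus(conn, "alice' OR '1'='1", "x@example.com"));
        }
    }
}
```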
