There is a risk of SQL injection.

Open QiAnXinCodeSafe opened this issue 4 years ago • 1 comments

https://github.com/didi/DDMQ/blob/2f30b61a5741d55a5b515f3d8d19a8a35be8c9e2/rocketmq/broker/src/main/java/org/apache/rocketmq/broker/transaction/jdbc/JDBCTransactionStore.java#L128

It is recommended to replace java.sql.Statement with java.sql.PreparedStatement.

QiAnXinCodeSafe, May 13 '21 09:05

https://github.com/didi/DDMQ/blob/2f30b61a5741d55a5b515f3d8d19a8a35be8c9e2/rocketmq/broker/src/main/java/org/apache/rocketmq/broker/transaction/jdbc/JDBCTransactionStore.java#L128

It is recommended to replace java.sql.Statement with java.sql.PreparedStatement.

You are right, thank you for your suggestion.

Jason918, Jun 11 '21 14:06
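The replacement recommended in this issue, as an added example that is not part of the thread or of the DDMQ code base: a query built with java.sql.Statement beside its java.sql.PreparedStatement form. It goes one step beyond the recommendation by also handling a table-name suffix, which cannot be bound as a parameter. The table, column, class and method names are hypothetical, and the caller is assumed to supply an open JDBC Connection.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.regex.Pattern;

// Added illustration. All table, column and method names are hypothetical,
// not taken from JDBCTransactionStore.
public class TransactionQueryExample {

    // Identifiers (table/column names) cannot be bound with '?', so the
    // suffix is checked against a strict allowlist before concatenation.
    private static final Pattern SAFE_SUFFIX = Pattern.compile("[A-Za-z0-9_]{1,32}");

    static String tableName(String suffix) {
        if (suffix == null || !SAFE_SUFFIX.matcher(suffix).matches()) {
            throw new IllegalArgumentException("invalid table suffix");
        }
        return "txn_records_" + suffix;
    }

    // Before: both inputs are concatenated into the SQL text, so the
    // database parses whatever they contain as part of the statement.
    static long countByGroupUnsafe(Connection conn, String suffix, String group)
            throws SQLException {
        String sql = "SELECT COUNT(*) FROM txn_records_" + suffix
                + " WHERE producer_group = '" + group + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getLong(1) : 0L;
        }
    }

    // After: the value travels as a bound parameter and is never parsed as
    // SQL; the identifier is validated because it cannot be bound.
    static long countByGroup(Connection conn, String suffix, String group)
            throws SQLException {
        String sql = "SELECT COUNT(*) FROM " + tableName(suffix)
                + " WHERE producer_group = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, group);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getLong(1) : 0L;
            }
        }
    }
}
```

Switching to PreparedStatement only helps when the values are bound with `?`; a PreparedStatement whose SQL string is still built by concatenation is as injectable as the Statement it replaced.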