Findings - Overview

info A prepared statement is generated from a nonconstant String (Findbugs)

A prepared statement is generated from a nonconstant String at org.jcoderz.phoenix.dbview.DbView.performConvertion(File, String)

The code creates an SQL prepared statement from a nonconstant String. If tainted data from a user is used, unchecked, in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

1 org.jcoderz.phoenix.dbview.DbView [308]