Today I finally tested my command and SQL code. The commands work, but I'm having some serious trouble with handling the creation of databases and finding variables, etc., so it could be a while to figure out the bugs. I'm also working on securing the SQL code so that injections aren't possible. So, in short, today was a bugfix day with these improvements:
- Added "create" command (for developer only), allowing you to create user permissions (for testing)
- Added "permissions" command to display user permissions
- Worked on some more SQL checking, getting, and setting code
I'm still working on getting the SQL to load and save properly.
A quick search led me to this approach to avoiding SQL injection:
http://stackoverflow.com/questions/1812891/java-escape-string-to-prevent-sql-injection
What user permissions are you talking about? See my post from Monday. I am getting more convinced each week that you need to take an iterative approach to building your app, adding bite-size bits of functionality one at a time. Forget about displaying user permissions for now. First create simple users with a login and password and create an app that lets them log in.