Thread: How to modify core Java interface java.sql.Statement.execute(String sql)?

Hello,

I am trying to find a way on how to modify java.sql.Statement.execute(String sql) method.
It is in interface and unfortunately no implementation class found in src package of Java.

Can you please suggest me on how can I modify the behaviour of this method?
I need to sanitize the String sql first (from SQL Injection) and the let it behave as it should.

I have to mention, I am working on the Java framework, and not on source code of the application.
Meaning that I can only modify core Java classes, I am doing a research on creating new java version which will allow SQLi sanitization dynamically without any modification to the source code of the web applications.

Cheers,
amughost

There should be a way of doing it without modification to the entire library modification, because the idea is to enhance methods, but not to change the whole structure of library.
I need to filter the String sql before allowing to execute it.

I have found that in PHP, it is possible to change MySQL module and embed sanitization there, and then sent the query to MySQL engine for execution

Sorry, I have found the solution already. Thank you!

I would say PreparedStatement prevents from SQL Injection, but not protects you. It is still vulnerable.
The Statement.executequery() implementation is under MySQL module for Java called MySQL Connector/J.
But Of course, for each DBMS, there is different implementation.

Thank you for your help anyways!