database spring-data spring-data-jpa sql-injection

Is Spring Data JPA safe against SQL injection

I am trying to find information about Spring Security JPA and if methods like .save() are protected from sql injection.

For instance I have object Customer. that I want to persist to my database. I am using CustomerRepository Spring implementation to operate on that entity. Customer's constructor is using parameters from the user. When everything is staged I am invoking .save(). Is this safe against sql injection or Should I do the check up first?

Solution

.save() is safe, only the usage of native queries is vulnerable.

List results = entityManager.createNativeQuery("Select * from Customer where name = " + name).getResultList();

You can make native queries safe also, if you use a parameter.

Query sqlQuery = entityManager.createNativeQuery("Select * from Customer where name = ?", Customer.class);
List results = sqlQuery.setParameter(1, "John Doe").getResultList();

In MongoDB's pymongo, how do I do a count()?
Laravel Database Insert Error in artisan tinker
Optimizing MariaDB Query When Re-Querying Same Table
Simple export and import of a SQLite database on Android
How to visualize database tables in postgresql using pgAdmin?
how to solve django.db.utils.NotSupportedError in django
Watching a table for change in MySQL?
conceptual diagram abstraction and null values
is there a MYSQL tables schema for storing raw material, intermediate and final products?
How can I get partial participation of both entities in 1:1 relationship
mutate columns in R that start with a particular letter - converting character to numeric
How to show full definition of function or procedure?
What is the maximum number of connections for a SQLite3 database?
Automate the Snowflake reports to email
MySQL: Cloning a MySQL database on the same MySql instance
Fixing all sequences in PostgreSQL 15 after migrating with logical replication from PostgreSQL 11
What are the main differences between Redis/Valkey Pub/Sub and Streams?
How to retrieve the last autoincremented ID from a SQLite table?
All data is become NULL when run Update Query MySQL
Execute SQL from file in SQLAlchemy
How can I write a trigger and function to insert data into table2 when a new row is inserted into table1, while avoiding duplicates in table2?
Using Django to visualise scraped data
i'm having trouble creating the database using symfony framework
Display data from state with React Typescript
Find gap between values of the same type in sql
How Connect to multiple collections in Mongoose?
Django database connections pool with psycopg2.pool
How to generate the whole database script in MySQL Workbench?
postgresql: Invalid data directory | Can't open PID file /var/run/postgresql/10-main.pid (yet?) after start: No such file or directory
The right place to host shared tables between WordPress web site and mobile apps