I have a Repository Interface in my Spring Boot application, as you can see below.
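    import org.springframework.data.jpa.repository.JpaRepository;
    import org.springframework.stereotype.Repository;

    @Repository
    public interface CounterRepository extends JpaRepository<Counter, String> {
        // Derived query: Spring Data generates the implementation from the method name.
        Counter findByMediaName(String mediaName);
    }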
There is no implementation of this interface. It's just Spring Boot magic. I'm wondering if there is a SQL injection risk for the mediaName parameter? I'm using Spring Boot 2.2.6.RELEASE.
No, there isn't. It will create a Criteria API query (in the right way), which will escape parameters. It's like when you use prepared statements.
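For contrast with the derived query discussed above, this added example (not code from the original question or answer) shows where injection risk does appear in a Spring Data JPA repository: a hand-written query that concatenates input, next to its bound-parameter fix. The `Counter` fields, the `CounterRepositoryCustom` fragment, and the method names `lookupByMediaName`, `searchUnsafe` and `searchSafe` are assumptions made for illustration; the types are shown in one listing, with `javax.persistence` as used by Spring Boot 2.2.x.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.PersistenceContext;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;

// Assumed shape of the question's entity; only mediaName is known from the page.
@Entity
class Counter {
    @Id String id;
    String mediaName;
}

// Hypothetical fragment interface for hand-written queries.
interface CounterRepositoryCustom {
    List<Counter> searchUnsafe(String mediaName);
    List<Counter> searchSafe(String mediaName);
}

interface CounterRepository extends JpaRepository<Counter, String>, CounterRepositoryCustom {
    // Derived query from the question: the argument is bound, never spliced into the query text.
    Counter findByMediaName(String mediaName);

    // Hand-written JPQL stays safe as long as the value goes through a bind parameter.
    @Query("select c from Counter c where c.mediaName = :name")
    Counter lookupByMediaName(@Param("name") String name);
}

// Found by Spring Data through the "Impl" suffix on the fragment interface name.
class CounterRepositoryCustomImpl implements CounterRepositoryCustom {
    @PersistenceContext private EntityManager em;

    // VULNERABLE: the caller's string becomes part of the JPQL text that gets parsed.
    @Override
    public List<Counter> searchUnsafe(String mediaName) {
        String jpql = "select c from Counter c where c.mediaName = '" + mediaName + "'";
        return em.createQuery(jpql, Counter.class).getResultList();
    }

    // Fixed: the query text is constant and the value travels separately as a parameter.
    @Override
    public List<Counter> searchSafe(String mediaName) {
        return em.createQuery("select c from Counter c where c.mediaName = :name", Counter.class)
                 .setParameter("name", mediaName).getResultList();
    }
}
```

When reviewing a repository, the places to check are custom `EntityManager` code and any `@Query` string assembled from input, not the method-name queries.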