Tags: java, spring-mvc, prepared-statement, sql-injection, jdbctemplate

Can you explain the difference between the JdbcTemplate methods PreparedStatementCallback and PreparedStatementSetter to avoid SQL injection?


I want to avoid SQL injection in my application. There are two JdbcTemplate methods like

public <T> T execute(String sql, PreparedStatementCallback<T> action) throws DataAccessException

OR

public <T> T query(String sql, @Nullable PreparedStatementSetter pss, ResultSetExtractor<T> rse)
throws DataAccessException

OR

Any other method you can suggest to avoid SQL injection? Thanks in advance.


Solution

  • TL;DR:

    The execute method allows you to execute any arbitrary data access operation within one single statement.

    The query method lets you send a query using a prepared statement.

    For these and all other methods from the documentation there are some methods that can deal with the same circumstances. It's up to the developer to choose those that are most convenient for their job.

    As a suggestion, I would recommend using some patterns like the query method for retrieving data, and the update method to insert, update or delete data.
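The following is an added example, not code from the question or the answer above, showing the three forms the answer discusses side by side with the vulnerable concatenation they replace. It assumes a table `users(id, username, email)` and an injected DataSource; the class name UserRepository is hypothetical.

```java
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementCallback;
import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.ResultSetExtractor;

// Hypothetical repository; assumes a table users(id, username, email).
public class UserRepository {

    private final JdbcTemplate jdbcTemplate;

    public UserRepository(DataSource dataSource) {
        this.jdbcTemplate = new JdbcTemplate(dataSource);
    }

    // VULNERABLE ("before" case): the value is spliced into the SQL text, so
    // user input is parsed as SQL and can change the statement's structure.
    public List<Map<String, Object>> findByUsernameUnsafe(String username) {
        String sql = "SELECT id, username, email FROM users WHERE username = '" + username + "'";
        return jdbcTemplate.queryForList(sql);
    }

    // SAFE, query + PreparedStatementSetter: the SQL text is fixed and the value
    // is bound to the ? placeholder, so it is only ever data, never SQL.
    // The casts pick the (String, PreparedStatementSetter, ResultSetExtractor) overload.
    public String findEmailByUsername(String username) {
        String sql = "SELECT email FROM users WHERE username = ?";
        return jdbcTemplate.query(sql,
                (PreparedStatementSetter) ps -> ps.setString(1, username),
                (ResultSetExtractor<String>) rs -> rs.next() ? rs.getString("email") : null);
    }

    // SAFE, execute + PreparedStatementCallback: same binding rule, but the
    // callback receives the PreparedStatement and may run any operation on it.
    public int insertUser(String username, String email) {
        String sql = "INSERT INTO users (username, email) VALUES (?, ?)";
        return jdbcTemplate.execute(sql, (PreparedStatementCallback<Integer>) ps -> {
            ps.setString(1, username);
            ps.setString(2, email);
            return ps.executeUpdate();
        });
    }

    // SAFE and simplest for insert/update/delete: update with varargs binds
    // each argument as a parameter for you.
    public int updateEmail(long id, String email) {
        return jdbcTemplate.update("UPDATE users SET email = ? WHERE id = ?", email, id);
    }
}
```

In all three safe forms the SQL string contains only `?` placeholders and no user-supplied text, which is the property that actually prevents injection; which method you pick is a matter of convenience.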