Code Room
Code review · Hard · cr-g022
Subject: SQL injection · Level: Senior–Staff · ~30 min
Common in Security · Databases & SQL interviews
Industries: Software development

Question

Review this Java DAO method.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (java)

public List<Report> reportsForTenant(String tenantId) throws SQLException {
    String table = "reports_" + tenantId;          // per-tenant sharded table
    String sql = "SELECT id, title, body FROM " + table
               + " WHERE archived = false ORDER BY id DESC LIMIT 100";
    try (Statement st = conn.createStatement();
         ResultSet rs = st.executeQuery(sql)) {
        List<Report> out = new ArrayList<>();
        while (rs.next()) {
            out.add(new Report(rs.getLong("id"), rs.getString("title"), rs.getString("body")));
        }
        return out;
    }
}
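The root-cause point a strong review lands on is that `tenantId` flows into an identifier position (the table name), and a JDBC `?` placeholder can only bind values, never identifiers, so switching to `PreparedStatement` alone does not close the hole. The concrete fix is to allow-list the tenant id before it touches the SQL string and to keep every real value in bound parameters. The class below is an added example of that fix, not the page's original code or the answer key; the tenant registry (`KNOWN_TENANTS`), the `Report` record and the `conn` constructor argument are assumptions so the example compiles stand-alone (Java 16+ for records).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Hardened form of the reviewed DAO method (added example).
 * The table name is chosen from an allow-list; nothing the caller sends is
 * ever concatenated into SQL unchecked. Row-level values use bound parameters.
 */
public final class TenantReportDao {

    // Hypothetical: the tenants this service shards on. In production this set
    // would be loaded from a tenant registry rather than written as a literal.
    private static final Set<String> KNOWN_TENANTS = Set.of("acme", "globex", "initech");

    // Defence in depth: even a registry entry must look like a plain identifier,
    // so a bad registry row cannot smuggle quotes or separators into the query.
    private static final Pattern IDENT = Pattern.compile("^[a-z][a-z0-9_]{0,30}$");

    private final Connection conn;

    public TenantReportDao(Connection conn) {
        this.conn = conn;
    }

    /** Returns the exact table name for a known tenant, or throws before any SQL is built. */
    static String tableFor(String tenantId) {
        if (tenantId == null
                || !IDENT.matcher(tenantId).matches()
                || !KNOWN_TENANTS.contains(tenantId)) {
            throw new IllegalArgumentException("unknown or malformed tenant id");
        }
        return "reports_" + tenantId;
    }

    public List<Report> reportsForTenant(String tenantId) throws SQLException {
        String table = tableFor(tenantId); // validated identifier, not caller input
        // Identifier comes from the allow-list; the column value is bound with "?".
        String sql = "SELECT id, title, body FROM " + table
                   + " WHERE archived = ? ORDER BY id DESC LIMIT 100";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setBoolean(1, false);
            try (ResultSet rs = ps.executeQuery()) {
                List<Report> out = new ArrayList<>();
                while (rs.next()) {
                    out.add(new Report(rs.getLong("id"), rs.getString("title"), rs.getString("body")));
                }
                return out;
            }
        }
    }

    /** Minimal Report type (assumed) so the example compiles on its own. */
    public record Report(long id, String title, String body) {}

    // Exercises the allow-list without a database: a known tenant resolves to its
    // table, while an unknown id and a malformed id are both rejected up front.
    public static void main(String[] args) {
        System.out.println(tableFor("acme"));            // reports_acme
        for (String bad : new String[] {"acme_evil", "acme;--"}) {
            try {
                tableFor(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + bad + ": " + e.getMessage());
            }
        }
    }
}
```

Two design notes worth saying out loud in the review: the regex is a second line of defence, not the primary control (membership in the registry is), and quoting the identifier with the driver's quote string (`DatabaseMetaData.getIdentifierQuoteString()`) is not a substitute for allow-listing, because a quoted but attacker-chosen table name still lets a caller read a table they were never entitled to. Separately, and lower in severity, the method's `LIMIT 100` silently truncates results and the error path leaks a raw `SQLException` to callers, both of which belong in the "style and robustness" tier of the write-up rather than the security tier.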
Run or narrate your approach, then ask the coach.