security « SQL « Java Database Q&A

1. Bad Code: Why is this dangerous?

Possible Duplicate:
Can I protect against SQL Injection by escaping single-quote and surrounding user input with single-quotes?

    String badInput = rawInput.replace("'","''");

2. How to implement row-level security in Java?

I am currently evaluating authentication / authorization frameworks. Apache Shiro seems to be very nice but I am missing row-level security features. E.g. there might be special rows in a database which should ...