ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mfs <farhan.sar...@gmail.com>
Subject PreparedStatement for procedure calls ?
Date Mon, 12 May 2008 08:13:31 GMT

Guys,

My understanding is that ibatis internally uses preparedstatement for all db
calls, which offcourse eliminates the sql-injection vulnerability (to some
extend atleast).. 

Now, I haven't really played around with Preparedstatements much, thats why
putting up a pretty naive question.

Q. So does ibatis uses preparedStatements for procedure calls as well ? The
reason i ask so is because i am using Dynamic SQL in my stored procedures
(where even the column names are being dynamically generated)..so just had
fears of sql injection exploitation..and hence the above question... 

Thanks in advance..

-- 
View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17183213.html
Sent from the iBATIS - User - Java mailing list archive at Nabble.com.


Mime
View raw message