ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mfs <farhan.sar...@gmail.com>
Subject PreparedStatement for procedure calls ?
Date Mon, 12 May 2008 08:13:31 GMT


My understanding is that ibatis internally uses preparedstatement for all db
calls, which offcourse eliminates the sql-injection vulnerability (to some
extend atleast).. 

Now, I haven't really played around with Preparedstatements much, thats why
putting up a pretty naive question.

Q. So does ibatis uses preparedStatements for procedure calls as well ? The
reason i ask so is because i am using Dynamic SQL in my stored procedures
(where even the column names are being dynamically generated)..so just had
fears of sql injection exploitation..and hence the above question... 

Thanks in advance..

View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17183213.html
Sent from the iBATIS - User - Java mailing list archive at Nabble.com.

View raw message