ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mfs <farhan.sar...@gmail.com>
Subject Re: PreparedStatement for procedure calls ?
Date Mon, 12 May 2008 17:48:25 GMT

anyone..?

mfs wrote:
> 
> Guys,
> 
> My understanding is that ibatis internally uses preparedstatement for all
> db calls, which offcourse eliminates the sql-injection vulnerability (to
> some extend atleast).. 
> 
> Now, I haven't really played around with Preparedstatements much, thats
> why putting up a pretty naive question.
> 
> Q. So does ibatis uses preparedStatements for procedure calls as well ?
> The reason i ask so is because i am using Dynamic SQL in my stored
> procedures (where even the column names are being dynamically
> generated)..so just had fears of sql injection exploitation..and hence the
> above question... 
> 
> Thanks in advance..
> 
> 

-- 
View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17189901.html
Sent from the iBATIS - User - Java mailing list archive at Nabble.com.


Mime
View raw message