camel-users mailing list archives

From Tommy Chheng <tommy.chh...@gmail.com>
Subject Re: prepared statements in camel-jdbc?
Date Thu, 30 Dec 2010 19:15:32 GMT
Thanks Christian, looks like the camel-sql is a better fit than the camel-jdbc component.
It handles the prepared statements the way I needed it.


The prepared statement is safer than manually constructing the SQL statement in a bean because
I create the SQL statement string based on an external XML input.


-- 
@tommychheng
http://tommy.chheng.com


On Monday, December 27, 2010 at 8:52 AM, Christian Müller wrote:

> Hello Tommy!
> 
> I didn't understand how the prepared statement can be an improvement here
> (preventing SQL injection) when the SQL is constructed in your bean. Could
> you please explain in more detail what you want. At present, the
> camel-jdbc component expects a SQL query or SQL update in the exchange in
> message body which is executed (without resolving placeholders).
> 
> Maybe the camel-sql [1] component is what you are looking for. This
> component uses a prepared statement
> (org.springframework.jdbc.core.PreparedStatementCallback) and also does
> placeholder resolving.
> 
> [1] http://camel.apache.org/sql-component.html
> 
> Cheers,
> Christian
> 
> On Mon, Dec 27, 2010 at 7:59 AM, Tommy Chheng <tommy.chheng@gmail.com> wrote:
> 
> 
> > Is it possible to use JDBC's prepared statements with camel-jdbc?
> > It's more for a matter of preventing SQL injection than performance.
> > 
> > 
> > My route is using a bean to transform an XML data input into an insert
> > statement like this:
> > from("direct:xmlInput").
> > bean(classOf[xmlTransformToSql]).
> > log("Received: ${body}").
> > to("jdbc:test_data")
> > 
> > 
> > I'm escaping the input in the bean but a prepared statement would be more
> > secure.
> > 
> > 
> > 
> > --
> > @tommychheng
> > http://tommy.chheng.com
> > 
> > 
> 
> 
> 
> 
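
An added example (not from the thread and not Camel project code) of the approach the thread settles on: the bean returns only the values parsed from the XML, and the camel-sql endpoint binds them to `#` placeholders in a prepared statement. The class names, the `name`/`note` elements and columns, and the `testDataSource` registry entry are assumptions for illustration.

```java
import java.io.StringReader;
import java.util.Arrays;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.camel.builder.RouteBuilder;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class XmlToSqlRoute extends RouteBuilder {

    // Hypothetical bean: extracts the values to bind and never builds a SQL string.
    public static class XmlToParams {
        public List<Object> extract(String xml) throws Exception {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            // The XML is external input, so refuse DOCTYPE declarations while parsing.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document doc = factory.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml)));
            // Assumed input shape: <row><name>...</name><note>...</note></row>
            String name = doc.getElementsByTagName("name").item(0).getTextContent();
            String note = doc.getElementsByTagName("note").item(0).getTextContent();
            // Order matters: values are bound to the '#' placeholders positionally.
            return Arrays.<Object>asList(name, note);
        }
    }

    @Override
    public void configure() {
        from("direct:xmlInput")
            .bean(new XmlToParams(), "extract")
            .log("Received: ${body}")
            // camel-sql uses '#' as the placeholder because '?' starts the
            // endpoint options. The statement text is fixed; a value such as
            // "x'); DROP TABLE test_data; --" is stored as data, not executed.
            // Assumption: a DataSource is registered as "testDataSource"
            // (older Camel 2.x releases used the dataSourceRef option instead).
            .to("sql:insert into test_data (name, note) values (#, #)"
                + "?dataSource=#testDataSource");
    }
}
```

With this shape the log step shows the extracted values rather than a finished statement, which makes it easy to confirm that no input text ever reaches the SQL string.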


