Date: Thu, 30 Dec 2010 11:15:32 -0800
From: Tommy Chheng
To: users@camel.apache.org
Subject: Re: prepared statements in camel-jdbc?

Thanks Christian, looks like the camel-sql is a better fit than the camel-jdbc component. It handles the prepared statements the way I needed it. The prepared statement is safer than manually constructing the sql statement in a bean because I create the sql statement string based on an external xml input.

--
@tommychheng
http://tommy.chheng.com

On Monday, December 27, 2010 at 8:52 AM, Christian Müller wrote:
> Hello Tommy!
>
> I didn't understand how the prepared statement can be an improvement here
> (preventing sql injection) when the sql is constructed in your bean. Could
> you please explain in more detail what you want? At present, the
> camel-jdbc component expects a sql query or sql update in the exchange in
> message body which is executed (without resolving placeholders).
>
> Maybe the camel-sql [1] component is what you are looking for. This
> component uses a prepared statement
> (org.springframework.jdbc.core.PreparedStatementCallback) and also does
> placeholder resolving.
>
> [1] http://camel.apache.org/sql-component.html
>
> Cheers,
> Christian
>
> On Mon, Dec 27, 2010 at 7:59 AM, Tommy Chheng wrote:
>
> > Is it possible to use jdbc's prepared statements with camel-jdbc?
> > It's more for a matter of preventing sql injection than performance.
> >
> > My route is using a bean to transform an xml data input into an insert
> > statement like this:
> > from("direct:xmlInput").
> >   bean(classOf[xmlTransformToSql]).
> >   log("Received: ${body}").
> >   to("jdbc:test_data")
> >
> > I'm escaping the input in the bean but a prepared statement would be more
> > secure.
> >
> > --
> > @tommychheng
> > http://tommy.chheng.com
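
Added example (not part of the thread and not Camel code): the difference discussed above between building the statement string from XML input and binding the value as a parameter, shown with Python's sqlite3 standing in for JDBC. The table columns, the XML shape and both insert functions are assumptions made for illustration, and the sample inputs are constructed.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample inputs: one ordinary record, and one whose <name>
# text happens to contain SQL syntax.
BENIGN_XML = "<record><name>alice</name></record>"
HOSTILE_XML = "<record><name>mallory', 'admin'), ('x</name></record>"


def new_db():
    """Fresh in-memory database with a hypothetical test_data table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test_data (name TEXT, role TEXT)")
    return conn


def name_from_xml(xml_text):
    """Extract the <name> text from the external XML input."""
    return ET.fromstring(xml_text).findtext("name")


def insert_concatenated(conn, xml_text):
    # Statement text is assembled from the input (no escaping here), so the
    # input can change the structure of the statement itself.
    sql = ("INSERT INTO test_data (name, role) VALUES ('%s', 'user')"
           % name_from_xml(xml_text))
    conn.execute(sql)


def insert_bound(conn, xml_text):
    # Prepared-statement form: the SQL text is constant and the value is
    # bound as data, so it can never be parsed as SQL.
    conn.execute("INSERT INTO test_data (name, role) VALUES (?, 'user')",
                 (name_from_xml(xml_text),))


def rows_after(insert, xml_text):
    """Run one insert against a fresh database and return the table rows."""
    conn = new_db()
    insert(conn, xml_text)
    return conn.execute(
        "SELECT name, role FROM test_data ORDER BY rowid").fetchall()


if __name__ == "__main__":
    for label, fn in (("concatenated", insert_concatenated),
                      ("bound", insert_bound)):
        print(label, rows_after(fn, HOSTILE_XML))
```

With the concatenated form the hostile record produces two rows, one of them with a role the code never intended to write; with the bound form it produces a single row whose name is the literal input text.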