ibatis-user-java mailing list archives

From Larry Meadors <larry.mead...@gmail.com>
Subject Re: I guess one can not parameterize the table name
Date Tue, 28 Jun 2005 16:21:52 GMT
It is in the docs, but not very prominently.

The $$ syntax should be used with caution because of its obvious
potential for SQL injection attacks.

Larry


On 6/28/05, Brice Ruth <bdruth@gmail.com> wrote:
> Is this in the Wiki? If not, maybe it ought to be? I guess I could check
> myself ... :)
>
> On 6/28/05, Nathan Maves <Nathan.Maves@sun.com> wrote: 
> > Yes you can.
> >
> > You need to use $value$ as well as use remapResults=true
> >
> > Nathan
> >
> > On Jun 28, 2005, at 9:35 AM, Folashade Adeyosoye wrote:
> >
> > Such as
> >
> > select * from #value# where TheStatus = 'ACTIVE' and type = COLOR
> >
> > shardayyy
>
> -- 
> Brice Ruth
> Software Engineer, Madison WI
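
Added example, not part of the original thread: because `$value$` is spliced into the SQL text rather than bound as a JDBC parameter, a table name should be checked against a fixed allow-list before it reaches the mapped statement. The statement id `selectActive`, the class name, and the table names are assumptions; `render` is a stand-in for the text substitution so the sketch runs without iBATIS on the classpath.

```java
import java.util.Locale;
import java.util.Set;

/*
 * Assumed mapped statement (hypothetical id), using the syntax from the thread:
 *   <select id="selectActive" parameterClass="string"
 *           resultClass="java.util.HashMap" remapResults="true">
 *     select * from $value$ where TheStatus = 'ACTIVE'
 *   </select>
 */
public class TableNameGuard {

    // Constructed allow-list: the only tables a caller may select from.
    private static final Set<String> ALLOWED_TABLES = Set.of("COLOR", "SIZE", "SHAPE");

    /** Returns the canonical table name, or throws if it is not on the allow-list. */
    static String requireAllowedTable(String requested) {
        if (requested == null) {
            throw new IllegalArgumentException("table name is required");
        }
        String canonical = requested.trim().toUpperCase(Locale.ROOT);
        if (!ALLOWED_TABLES.contains(canonical)) {
            // Do not try to "clean" the input; anything off the list is refused.
            throw new IllegalArgumentException("table not allowed");
        }
        return canonical;
    }

    /** Stand-in for the literal text substitution that $value$ performs. */
    static String render(String template, String value) {
        return template.replace("$value$", value);
    }

    public static void main(String[] args) {
        String template = "select * from $value$ where TheStatus = 'ACTIVE'";
        // Constructed inputs: one valid name, one carrying extra SQL text, one unknown table.
        String[] inputs = { "color", "COLOR, OTHER_TABLE", "users" };
        for (String input : inputs) {
            try {
                String table = requireAllowedTable(input);
                // With iBATIS this is where the validated name would be passed, e.g.
                // sqlMapClient.queryForList("selectActive", table);
                System.out.println("ALLOW " + render(template, table));
            } catch (IllegalArgumentException e) {
                System.out.println("DENY  [" + input + "]: " + e.getMessage());
            }
        }
    }
}
```

Values in the `where` clause should still go through `#...#`, which binds them as prepared-statement parameters.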
