ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pham Anh Tuan" <anht...@ichi-corp.jp>
Subject Re: [HELP] Whether or not iBatis support SQL Injection?
Date Wed, 06 Jul 2005 02:10:49 GMT
oh, thanks all you :)

but I don't understand clearly why when we use ## is more safe than using 
$$.

Is there any special things in using ## ???

help me!
----- Original Message ----- 
From: "Brandon Goodin" <brandon.goodin@gmail.com>
To: <user-java@ibatis.apache.org>
Sent: Tuesday, July 05, 2005 8:54 PM
Subject: Re: [HELP] Whether or not iBatis support SQL Injection?


> If you are using the #myProperty# delimiters you need not worry about
> sql injection. If you use the $myProperty$ literals you would need to
> guard against sql injection on your own.
>
> Brandon.
>
> On 7/5/05, Pham Anh Tuan <anhtuan@ichi-corp.jp> wrote:
>>
>> Hi all,
>>
>> I don't know whether or not iBatis support checking SQL Injection or not 
>> ?
>>
>> plz help me :)
>>
>> Pham
>
> 



Mime
View raw message