ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Dahl <clickjohnd...@gmail.com>
Subject Re: Running dynamic sp
Date Wed, 01 Aug 2007 08:50:32 GMT

I can't avoid using $ in my case as I need a method to run any sp with
varying no of parameters. Anyway thanks guys for the solution and
suggestions.


Ashok Madhavan wrote:
> 
> i would always prefer not to use '$'. else you will have to check what is
> sent in the '$' and make sure it is proper and what u want.
> 
> anyways i like the methods being different for your scenario
> 
> regards
> ashok
> 
> On 7/31/07, Larry Meadors <lmeadors@apache.org> wrote:
>>
>> Only if you control the value of sp_name very carefully. If someone
>> can set it to "drop table order;--" you're screwed. :-)
>>
>> Larry
>>
>>
>> On 7/31/07, John Dahl <clickjohndahl@gmail.com> wrote:
>> >
>> > OK, I did it successfully with "$" operator.
>> > One thing I would like to know is can we prevent sql injection in this
>> case.
>> >
>> > Thank you for the solution.
>> >
>> >
>> > John Dahl wrote:
>> > >
>> > > Ok, here is my requirement. I need to run different sp having
>> different
>> > > parameters. For eg. I need to run following sps
>> > > 1) call generate_bill( #bill_id#)
>> > > 2) call generate_invoice(#invoice_id, #start_date#, #end_date#)
>> > >
>> > > Can I create a single method in sql maps with dynamic tags (or
>> > > programatically) so that the same method can be called to execute any
>> of
>> > > these sps. sp Name and parameter map need to be resolved only at run
>> time.
>> > > Is it possible with iBatis.
>> > >
>> > > Thanx in advance.
>> > >
>> >
>> > --
>> > View this message in context:
>> http://www.nabble.com/Running-dynamic-sp-tf4165246.html#a11923238
>> > Sent from the iBATIS - User - Java mailing list archive at Nabble.com.
>> >
>> >
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/Running-dynamic-sp-tf4165246.html#a11941917
Sent from the iBATIS - User - Java mailing list archive at Nabble.com.


Mime
View raw message