ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Clinton Begin" <clinton.be...@gmail.com>
Subject Re: PreparedStatement for procedure calls ?
Date Mon, 12 May 2008 18:09:38 GMT
It uses CallableStatements for procs.  CallableStatements are
PreparedStatements so it can still be said that iBATIS always uses
PreparedStatements. :-)

On Mon, May 12, 2008 at 11:48 AM, mfs <farhan.sarwar@gmail.com> wrote:
>
>  anyone..?
>
>
>  mfs wrote:
>  >
>  > Guys,
>  >
>  > My understanding is that ibatis internally uses preparedstatement for all
>  > db calls, which offcourse eliminates the sql-injection vulnerability (to
>  > some extend atleast)..
>  >
>  > Now, I haven't really played around with Preparedstatements much, thats
>  > why putting up a pretty naive question.
>  >
>  > Q. So does ibatis uses preparedStatements for procedure calls as well ?
>  > The reason i ask so is because i am using Dynamic SQL in my stored
>  > procedures (where even the column names are being dynamically
>  > generated)..so just had fears of sql injection exploitation..and hence the
>  > above question...
>  >
>  > Thanks in advance..
>  >
>  >
>
>  --
>  View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17189901.html
>
>
> Sent from the iBATIS - User - Java mailing list archive at Nabble.com.
>
>

Mime
View raw message