ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mfs <farhan.sar...@gmail.com>
Subject Re: PreparedStatement for procedure calls ?
Date Tue, 13 May 2008 00:53:43 GMT

thanks..



Clinton Begin wrote:
> 
> It uses CallableStatements for procs.  CallableStatements are
> PreparedStatements so it can still be said that iBATIS always uses
> PreparedStatements. :-)
> 
> On Mon, May 12, 2008 at 11:48 AM, mfs <farhan.sarwar@gmail.com> wrote:
>>
>>  anyone..?
>>
>>
>>  mfs wrote:
>>  >
>>  > Guys,
>>  >
>>  > My understanding is that ibatis internally uses preparedstatement for
>> all
>>  > db calls, which offcourse eliminates the sql-injection vulnerability
>> (to
>>  > some extend atleast)..
>>  >
>>  > Now, I haven't really played around with Preparedstatements much,
>> thats
>>  > why putting up a pretty naive question.
>>  >
>>  > Q. So does ibatis uses preparedStatements for procedure calls as well
>> ?
>>  > The reason i ask so is because i am using Dynamic SQL in my stored
>>  > procedures (where even the column names are being dynamically
>>  > generated)..so just had fears of sql injection exploitation..and hence
>> the
>>  > above question...
>>  >
>>  > Thanks in advance..
>>  >
>>  >
>>
>>  --
>>  View this message in context:
>> http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17189901.html
>>
>>
>> Sent from the iBATIS - User - Java mailing list archive at Nabble.com.
>>
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17199044.html
Sent from the iBATIS - User - Java mailing list archive at Nabble.com.


Mime
View raw message