Guys, My understanding is that ibatis internally uses preparedstatement for all db calls, which offcourse eliminates the sql-injection vulnerability (to some extend atleast)..
Now, I haven't really played around with Preparedstatements much, thats why putting up a pretty naive question. Q. So does ibatis uses preparedStatements for procedure calls as well ? The reason i ask so is because i am using Dynamic SQL in my stored procedures (where even the column names are being dynamically generated)..so just had fears of sql injection exploitation..and hence the above question... Thanks in advance.. -- View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17183213.html Sent from the iBATIS - User - Java mailing list archive at Nabble.com.
