anyone..? mfs wrote: > > Guys, > > My understanding is that ibatis internally uses preparedstatement for all > db calls, which offcourse eliminates the sql-injection vulnerability (to > some extend atleast).. > > Now, I haven't really played around with Preparedstatements much, thats > why putting up a pretty naive question. > > Q. So does ibatis uses preparedStatements for procedure calls as well ? > The reason i ask so is because i am using Dynamic SQL in my stored > procedures (where even the column names are being dynamically > generated)..so just had fears of sql injection exploitation..and hence the > above question... > > Thanks in advance.. > >
-- View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17189901.html Sent from the iBATIS - User - Java mailing list archive at Nabble.com.
