It uses CallableStatements for procs. CallableStatements are PreparedStatements so it can still be said that iBATIS always uses PreparedStatements. :-)
On Mon, May 12, 2008 at 11:48 AM, mfs <[EMAIL PROTECTED]> wrote:
>
> anyone..?
>
>
> mfs wrote:
> >
> > Guys,
> >
> > My understanding is that ibatis internally uses preparedstatement for all
> > db calls, which of course eliminates the sql-injection vulnerability (to
> > some extent at least)..
> >
> > Now, I haven't really played around with Preparedstatements much, that's
> > why putting up a pretty naive question.
> >
> > Q. So does ibatis use preparedStatements for procedure calls as well?
> > The reason I ask so is because I am using Dynamic SQL in my stored
> > procedures (where even the column names are being dynamically
> > generated)..so just had fears of sql injection exploitation..and hence the
> > above question...
> >
> > Thanks in advance..
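An added example, not part of the original thread and not iBATIS code: binding a parameter at the call site does not help once the procedure body concatenates that parameter into dynamic SQL, which is the situation with dynamically generated column names. SQLite has no stored procedures, so the procedure body is modelled here by a Python function; the `orders` table, its columns and the allowlist are assumptions made up for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total INTEGER, note TEXT)")
    con.executemany(
        "INSERT INTO orders VALUES (?, ?, ?, ?)",
        [(1, "alice", 10, "a1"), (2, "alice", 20, "a2"), (3, "bob", 900, "b1")],
    )
    return con

def proc_vulnerable(con, column, customer):
    # Models a procedure body that builds dynamic SQL by concatenation.
    # The caller passed `column` as a bound parameter, but here it is
    # parsed as SQL text a second time.
    sql = "SELECT id, " + column + " FROM orders WHERE customer = ? ORDER BY id"
    return con.execute(sql, (customer,)).fetchall()

# Request key -> fixed identifier that is safe to place in the statement text.
ALLOWED_COLUMNS = {"total": "total", "note": "note"}

def proc_hardened(con, column, customer):
    # Identifiers cannot be bind variables, so map the input onto an allowlist.
    # Data values (customer) still travel as bind variables.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not allowed: %r" % (column,))
    sql = ("SELECT id, " + ALLOWED_COLUMNS[column] +
           " FROM orders WHERE customer = ? ORDER BY id")
    return con.execute(sql, (customer,)).fetchall()

# Constructed input: an expression supplied where a column name is expected.
CRAFTED = "(SELECT max(total) FROM orders)"

if __name__ == "__main__":
    con = make_db()
    print(proc_vulnerable(con, "total", "alice"))  # alice's own totals
    print(proc_vulnerable(con, CRAFTED, "alice"))  # value read from outside the filter
    print(proc_hardened(con, "total", "alice"))    # same result as the legitimate call
    try:
        proc_hardened(con, CRAFTED, "alice")
    except ValueError as exc:
        print("rejected:", exc)
```

The same rule applies inside a real procedure: resolve dynamic column names against a fixed list before building the statement, and pass data values to the dynamic statement as bind variables.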
