thanks..
Clinton Begin wrote: > > It uses CallableStatements for procs. CallableStatements are > PreparedStatements so it can still be said that iBATIS always uses > PreparedStatements. :-) > > On Mon, May 12, 2008 at 11:48 AM, mfs <[EMAIL PROTECTED]> wrote: >> >> anyone..? >> >> >> mfs wrote: >> > >> > Guys, >> > >> > My understanding is that ibatis internally uses preparedstatement for >> all >> > db calls, which offcourse eliminates the sql-injection vulnerability >> (to >> > some extend atleast).. >> > >> > Now, I haven't really played around with Preparedstatements much, >> thats >> > why putting up a pretty naive question. >> > >> > Q. So does ibatis uses preparedStatements for procedure calls as well >> ? >> > The reason i ask so is because i am using Dynamic SQL in my stored >> > procedures (where even the column names are being dynamically >> > generated)..so just had fears of sql injection exploitation..and hence >> the >> > above question... >> > >> > Thanks in advance.. >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17189901.html >> >> >> Sent from the iBATIS - User - Java mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://www.nabble.com/PreparedStatement-for-procedure-calls---tp17183213p17199044.html Sent from the iBATIS - User - Java mailing list archive at Nabble.com.
