Hello Tommy! I didn't understand how the prepared statement can be an improvement here (preventing sql injection) when the sql is constructed in your bean. Could you please explain in more detail what do you want. At present, the camel-jdbc component expects a sql query or sql update in the exchange in message body which is executed (without resolving placeholders).
May be the camel-sql [1] component is what you are looking for. This component use a prepared statement (org.springframework.jdbc.core.PreparedStatementCallback) and also do placeholder resolving. [1] http://camel.apache.org/sql-component.html Cheers, Christian On Mon, Dec 27, 2010 at 7:59 AM, Tommy Chheng <[email protected]>wrote: > Is it possible to use jdbc's prepared statements with camel-jdbc? > It's more for a matter of preventing sql injection than performance. > > > My route is using a bean to transform an xml data input into a insert > statement like this: > from("direct:xmlInput"). > bean(classOf[xmlTransformToSql]). > log("Received: ${body}"). > to("jdbc:test_data") > > > I'm escaping the input in the bean but a prepared statement would be more > secure. > > > > -- > @tommychheng > http://tommy.chheng.com > > >
