Thanks Christian, looks like the camel-sql is a better fit than the camel-jdbc component. It handles the prepared statements the way I needed it.
The prepared statement is safer than manually constructing the sql statement in a bean because I create the sql statement string based on an external xml input.

--
@tommychheng
http://tommy.chheng.com

On Monday, December 27, 2010 at 8:52 AM, Christian Müller wrote:
> Hello Tommy!
>
> I didn't understand how the prepared statement can be an improvement here
> (preventing sql injection) when the sql is constructed in your bean. Could
> you please explain in more detail what you want? At present, the
> camel-jdbc component expects a sql query or sql update in the exchange in
> message body which is executed (without resolving placeholders).
>
> Maybe the camel-sql [1] component is what you are looking for. This
> component uses a prepared statement
> (org.springframework.jdbc.core.PreparedStatementCallback) and also does
> placeholder resolving.
>
> [1] http://camel.apache.org/sql-component.html
>
> Cheers,
> Christian
>
> On Mon, Dec 27, 2010 at 7:59 AM, Tommy Chheng <[email protected]> wrote:
>
> > Is it possible to use jdbc's prepared statements with camel-jdbc?
> > It's more for a matter of preventing sql injection than performance.
> >
> > My route is using a bean to transform an xml data input into an insert
> > statement like this:
> >
> > from("direct:xmlInput").
> >   bean(classOf[xmlTransformToSql]).
> >   log("Received: ${body}").
> >   to("jdbc:test_data")
> >
> > I'm escaping the input in the bean but a prepared statement would be more
> > secure.
> >
> > --
> > @tommychheng
> > http://tommy.chheng.com
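
Added example, not part of the original thread and not Camel project code: the route from the question moved to camel-sql as suggested above, written in the Java DSL, with the bean returning only the values to bind instead of a finished SQL string. The table `people`, its columns, the XML element names and the class names are assumptions; `dataSourceRef` is the camel-sql option for looking up the DataSource in Camel 2.x (newer releases use `dataSource`).

```java
import java.io.StringReader;
import java.util.Arrays;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.camel.builder.RouteBuilder;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added example. Table, column, element and class names are assumptions.
public class XmlToSqlRoute extends RouteBuilder {

    /** Extracts the values to bind, in placeholder order. It never builds SQL text. */
    public static class XmlToParams {
        public List<Object> toParams(String xml) throws Exception {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            // The XML is external input: refuse DOCTYPE declarations outright.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document doc = factory.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml)));
            // A value such as O'Brien is passed through unchanged; no escaping needed.
            return Arrays.<Object>asList(text(doc, "name"), text(doc, "email"));
        }

        private static String text(Document doc, String tag) {
            NodeList nodes = doc.getElementsByTagName(tag);
            if (nodes.getLength() != 1) {
                throw new IllegalArgumentException("expected exactly one <" + tag + ">");
            }
            return nodes.item(0).getTextContent();
        }
    }

    @Override
    public void configure() {
        from("direct:xmlInput")
            .bean(XmlToParams.class)
            .log("Received: ${body}")
            // The SQL text is a constant in the endpoint URI. camel-sql turns each '#'
            // into a JDBC '?' and binds the List elements from the body in order.
            .to("sql:insert into people (name, email) values (#, #)?dataSourceRef=test_data");
    }
}
```

Because the statement text never contains data from the XML, the escaping step in the bean is no longer what stands between the input and the database.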
