Thanks - I glanced over (and the prepared statement approach seems similar to what is done on the Oracle side of things).
I understand that this is a security concern; however, did you notice any other improvement switching over to using prepared statements?

Jody

> Hi all,
>
> I have been working on the sql injection issue in postgis:
>
> http://jira.codehaus.org/browse/GEOS-597
>
> I have uploaded the diffs that I wish to commit. I thought I would post
> them for review to whomever is interested since the changes are
> significant. The changes essentially amount to using prepared statements
> for an insert and an update.
>
> PostgisFeatureStore.java.diff
> PostgisFeatureWriter.java.diff
>
> -Justin