RE(1): Avoiding SQL injection when calling stored procedures

2007-02-20 Thread arsalan . zaidi
Hi Jeff. Is there no danger of SQL Injection even if the stored procedure internally uses the parameters to dynamically construct a query? In other words, are the parameters actively escaped by iBATIS even if I use a '?' when calling a stored procedure? Thanks in advance! Arsalan Zaidi --

TypeHandler UUID

2007-02-20 Thread hett
Hi, I am working with a db that doesn't support UUID, so we specify the id column in the db as an nvarchar(36). I follow this example http://opensource.atlassian.com/confluence/oss/display/IBATIS/How+do+I+use+a+Custom+Type+Handler+with+complex+property+or+Type+Safe+Enumeration and created my Type

Re: Avoiding N+1 Selects

2007-02-20 Thread Brad Handy
Wouldn't I have to give unique column names for those identifying the child data? For example table parentChild some_foreign_key int id int description varchar(64) parent_id int rows id description parent_id 0 grandparent

Re: Configure iBatisNet to use TCP/IP instead of Named Pipes

2007-02-20 Thread Garth Keesler
Sorry, most of my work is in Java and this is the list I watch. I just picked up this c# project recently and didn't even know there was a dedicated group. Thanx, Garth Larry Meadors wrote: BTW, you'll probably have better luck on the ibatis-cs list in the future. ;-) Larry On 2/20/07, Ga

Re: Configure iBatisNet to use TCP/IP instead of Named Pipes

2007-02-20 Thread Larry Meadors
BTW, you'll probably have better luck on the ibatis-cs list in the future. ;-) Larry On 2/20/07, Garth Keesler <[EMAIL PROTECTED]> wrote: One of my favorite web sites but I was unaware that you could set the protocol in the connection string. Worked like a champ! Thanx for the quick response,

Re: Configure iBatisNet to use TCP/IP instead of Named Pipes

2007-02-20 Thread Garth Keesler
One of my favorite web sites but I was unaware that you could set the protocol in the connection string. Worked like a champ! Thanx for the quick response, Garth Gilles Bayon wrote: Change your connection string, http://www.connectionstrings.com/ On 2/20/07, *Garth Keesler* <[EMAIL PROTECTED]

Re: Configure iBatisNet to use TCP/IP instead of Named Pipes

2007-02-20 Thread Gilles Bayon
Change your connection string, http://www.connectionstrings.com/ On 2/20/07, Garth Keesler <[EMAIL PROTECTED]> wrote: What's the easiest way to change iBatisNet from using named pipes to using TCP/IP? Thanx, Garth -- Cheers, Gilles http://www.amazon.com/gp/registry/6JCP7AORB0LE Wish List

Configure iBatisNet to use TCP/IP instead of Named Pipes

2007-02-20 Thread Garth Keesler
What's the easiest way to change iBatisNet from using named pipes to using TCP/IP? Thanx, Garth

Re: Problem with several one to many relationships in breadth

2007-02-20 Thread Jeff Butler
Tim - I'd take a very close look at whether it's really working in iBATIS 2.1.7. If it is, then it's just dumb luck. Take a look at the test case I added to the JIRA ticket: http://issues.apache.org/jira/browse/IBATIS-396 This test fails under both 2.1.7 and 2.3.0, but in different ways. Of c

Re: Problem with several one to many relationships in breadth

2007-02-20 Thread Tim . Hammar
Hi Jeff, Claudio and I are able to use 2.1.7 successfully - it stopped working in 2.2 versions. Bummer about there maybe not being a fix going forward - I've got a ton of queries that use this feature and of course I don't want to change any long-time stable code which I'd have to do to use a

Re: Problem with several one to many relationships in breadth

2007-02-20 Thread Jeff Butler
Interesting In my tests, it fails in BOTH versions (2.1.7 and 2.3.0), but in different ways. So something definitely changed. In my test, 2.3.0 is closer to correct than 2.1.7 is. But the important truth is that it does fail in both versions. For now, I think a row handler is the best way

Re: Avoiding N+1 Selects

2007-02-20 Thread Brandon Goodin
oh... you're doomed ;-) On 2/20/07, Brad Handy <[EMAIL PROTECTED]> wrote: I guess I should've mentioned I'm using Sybase. :o) On 2/20/07, Clinton Begin <[EMAIL PROTECTED] > wrote: > > > i.e. is it a join with a bridge table or not (1:M or M:N)? > > Regardless, I wonder if a recursive result

Logging problem

2007-02-20 Thread Koka Kiknadze
I'm debugging a multithreaded application for connection leaks and found that iBatis logging is not quite helpful. E.g. I have output like: 2007-02-20 17:15:17,406 DEBUG [com.ibatis.common.jdbc.SimpleDataSource] - Created connection 30426707. 2007-02-20 17:15:17,406 DEBUG [java.sql.Connection] - {c

Re: Avoiding SQL injection when calling stored procedures

2007-02-20 Thread Jeff Butler
There is no danger of SQL injection in the first example. This is standard JDBC syntax for stored procedures. You can use the # syntax if you want, but you can't use a parameter map. Use a parameter class instead, and you'll need to use the advanced inline parameter syntax. But you should know t

Re: Problem with several one to many relationships in breadth

2007-02-20 Thread Jeff Butler
I'm surprised by this (obviously). I'll take a look. It probably has to do with the new support for multiple result sets. Jeff Butler On 2/20/07, Claudio Iacovozzi <[EMAIL PROTECTED]> wrote: I tested my given example with iBatis 2.1.7.597 and it works! Ibatis creates the expected bean: Ag

Re: Problem with several one to many relationships in breadth

2007-02-20 Thread Claudio Iacovozzi
I tested my given example with iBatis 2.1.7.597 and it works! Ibatis creates the expected bean: Agent1 --> List {1:Customer1, 3:Customer2} --> List {1:housebreaking, 2:damage, 4:theft} Further tests with more depth (e.g. Customer containing addresses) or breadth (Agent containing addition

Re: Avoiding N+1 Selects

2007-02-20 Thread Brad Handy
I guess I should've mentioned I'm using Sybase. :o) On 2/20/07, Clinton Begin <[EMAIL PROTECTED]> wrote: i.e. is it a join with a bridge table or not (1:M or M:N)? Regardless, I wonder if a recursive result map would workIt might. ... I don't see any reason why that would cause a

RE: Avoiding N+1 Selects

2007-02-20 Thread Abdullah Kauchali
Hi Brad, Have a look at the "WITH" statement (it is ANSI specified) and CTE's (common table expressions). Here is an example with SQL 2005. http://msdn2.microsoft.com/en-us/library/ms186243.aspx I am sure the logic will also work off Oracle versions that support the WITH statement (may

Avoiding SQL injection when calling stored procedures

2007-02-20 Thread Arsalan Zaidi
Hi All. When I call a stored procedure in Oracle like below, it works just fine: { call ABC$$ECOM.get_titles( ?,?,?,? ) } However, I think using '?' does not provide any protection from SQL injection attacks. Conve