SQL Injection Prevention in Ibatis

Question

SQL Injection Prevention in Ibatis

Is there anything built into Ibatis that helps prevent SQL Injection attacks? I'm not looking for a list of ways outside Ibatis to do this, and I'm just wondering if Ibatis has anything to prevent SQL injection.

+7

java sql mysql ibatis

stevebot Oct 13 '10 at 20:40

source share

2 answers

I would suggest that iBatis uses prepared instructions and binds parameters, so it is safe.

-one

Bozho Oct 13 '10 at 21:04

source share

Richard Kettelerij · Accepted Answer · 2010-10-13T22:00:23+0000

IBatis uses JDBC-prepared statements under the hood and is therefore safe. However, this only applies if you use the notation # . It is also possible to embed variables directly into your query using the $ notation, which is unsafe (unless you escape them). See this article for more information.

SQL Injection Prevention in Ibatis

More articles: