Re: [eclipselink-users] Avoid SQL Injection on NativeQueries

Not sure what you are referring to; perhaps provide more details.

In general binding is used by default in EclipseLink.  Parameters are
defined by "?" in native queries.



Edilson-2 wrote:
> 
> Hi List,
> 
> I'm using DB2. To optimize query response time, I'm calling a procedure
> which has 3 params. I want to avoid SQL injection using EclipseLink
> methods.
> Where can I find this? Or do you have suggestions to avoid SQL injection?
> 
> Best regards,
> 
> -- 
> John Arévalo
> GNU/Linux User #443701
> http://counter.li.org/
> 
> 


-----
James Sutherland: http://wiki.eclipse.org/User:James.sutherland.oracle.com
EclipseLink: http://www.eclipse.org/eclipselink/
TopLink: http://www.oracle.com/technology/products/ias/toplink/
Wiki: EclipseLink http://wiki.eclipse.org/EclipseLink , TopLink http://wiki.oracle.com/page/TopLink
Forums: TopLink http://forums.oracle.com/forums/forum.jspa?forumID=48 , EclipseLink http://www.nabble.com/EclipseLink-f26430.html
Book: Java Persistence http://en.wikibooks.org/wiki/Java_Persistence
-- 
View this message in context: http://www.nabble.com/Avoid-SQL-Injection-on-NativeQueries-tp20956846p21060824.html
Sent from the EclipseLink - Users mailing list archive at Nabble.com.
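
The binding described in the reply above, shown for a three-parameter procedure call as an added example that is not part of the original thread or EclipseLink's own code. The procedure name `GET_ORDERS`, its arguments, and the class and method names are hypothetical, and it is assumed that the procedure returns a result set.

```java
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.Query;

/**
 * Added example. GET_ORDERS is a hypothetical three-parameter DB2 procedure
 * assumed to return a result set; its name and arguments are assumptions.
 */
public class OrderLookup {

    private final EntityManager em;

    public OrderLookup(EntityManager em) {
        this.em = em;
    }

    // Vulnerable form: caller-supplied text becomes part of the SQL string,
    // so a quote character in customerId or status changes the statement
    // that the database parses.
    public List<?> findOrdersConcatenated(String customerId, String status, int limit) {
        String sql = "CALL GET_ORDERS('" + customerId + "', '" + status + "', " + limit + ")";
        return em.createNativeQuery(sql).getResultList();
    }

    // Bound form: the SQL text is a constant. Each "?" is filled by 1-based
    // position and passed to the database as data, not as SQL text.
    public List<?> findOrdersBound(String customerId, String status, int limit) {
        Query query = em.createNativeQuery("CALL GET_ORDERS(?, ?, ?)");
        query.setParameter(1, customerId);
        query.setParameter(2, status);
        query.setParameter(3, limit);
        return query.getResultList();
    }
}
```

Binding protects only the `CALL` statement itself. If the procedure body builds dynamic SQL from its arguments, those arguments must be bound or validated inside the procedure as well.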


