Re: Escaping inline parameters in an XML Mapper


Jeff Butler

Aug 24, 2012, 10:13:32 AM
to mybati...@googlegroups.com
What do you mean by "escape"? ${} is string substitution in MyBatis. If you want the strings pre-processed somehow, you will need to make that happen somewhere in your app.

Jeff Butler


On Fri, Aug 24, 2012 at 9:56 AM, Zaher Hammoud <zaher....@gmail.com> wrote:
I am using an XML mapper and would like to use inline (non-bind) parameters in my queries. I know that inline parameters "${param}" are not escaped for SQL injection. What is the desirable way to escape these parameters? Escaping them in my Service layer is not an option for me.

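An added example, not part of the thread and not MyBatis code: since `${}` is plain string substitution, one way to do the pre-processing in the application is to keep `#{}` for values and resolve anything that must be inlined (here a sort column and direction) through an allow-list before it reaches the mapper. The class, method, column and mapper names below are hypothetical.

```java
import java.util.Locale;
import java.util.Map;

/*
 * Added example; all names are hypothetical. Mapper fragment this is meant for:
 *
 *   <select id="findUsers" resultType="map">
 *     SELECT id, name FROM users
 *     WHERE status = #{status}                    (value: bound parameter)
 *     ORDER BY ${orderColumn} ${orderDirection}   (identifiers: raw substitution)
 *   </select>
 */
public final class InlineSqlParams {

    // Caller-facing sort keys mapped to the exact column text allowed in the SQL.
    private static final Map<String, String> ORDER_COLUMNS = Map.of(
            "id", "id",
            "name", "name",
            "created", "created_at");

    private InlineSqlParams() {}

    /** Returns the allow-listed column text for ${orderColumn}; rejects anything else. */
    public static String orderColumn(String requested) {
        String key = requested == null ? "" : requested.trim().toLowerCase(Locale.ROOT);
        String column = ORDER_COLUMNS.get(key);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort key");
        }
        return column; // only constants from the map ever reach the SQL text
    }

    /** Returns ASC or DESC for ${orderDirection}; defaults to ASC when absent. */
    public static String orderDirection(String requested) {
        if (requested == null || requested.isBlank()) {
            return "ASC";
        }
        String dir = requested.trim().toUpperCase(Locale.ROOT);
        if (!dir.equals("ASC") && !dir.equals("DESC")) {
            throw new IllegalArgumentException("unsupported sort direction");
        }
        return dir;
    }

    public static void main(String[] args) {
        System.out.println(orderColumn("Created") + " " + orderDirection("desc"));
        try {
            orderColumn("created_at desc, 1"); // constructed untrusted input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The values returned by these methods, never the caller's raw strings, are what gets passed as `orderColumn` and `orderDirection` to the mapper.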