Getting started

HB_newbie · **Joined:** Fri Aug 04, 2006 6:09 am **Posts:** 18

Name and version of the database you are using:Oracle 9i

Hi,

I am about to embark on my first project using Hibernate and I was hoping someone could give me some quick pointers.

1. Which version should i go with? Seems a 3.2 release is imminent. I do not use EJB or JEE5 if thats useful. I will be using jse5.
2. Is using Hibernate open to SQL Injection attacks?
3. Does Hibernate support the use of bind variables(Oracle feature)?

Cheers

R

PS.I started reading Hibernate in Action and was very impressed how the authors obviously knew databases and were fully aware of the OR mapping problems. Good work.

MikePloed · **Posted:** Fri Aug 04, 2006 9:43 am

1) I would go for 3.2
2) Hibernate uses prepared statements ... so it is not open to sql injection
3) yes

HB_newbie · **Joined:** Fri Aug 04, 2006 6:09 am **Posts:** 18

thanks for that.

Seems like my DBA group are going to say that the java layer is not allowed to issue direct sql and all interaction must be via stored procs.

I looked through the reference manual and it seems you can still have domain objects and in the mapping state the procs to use for update/delete/insert.

Also, alot of the initial stored procs for insert,update and delete can probably be generated - anyone have any resources on this?

Cheers

Rakesh