06-05-2011, 04:34 AM
I have definitely used URL parameters for prepared statement values, but of course the security person in me cautions against doing so directly. I always use a front-end framework with conversion and validation, such as JSF, to validate untrusted user input and prepare a bean for processing by our service and business logic layers. These layers are then injected with a DAO layer which handles the DB access. Our DAO layer of choice is iBatis SQL mapper, which allows us to maintain our queries and ORM mappings in a nice clean XML file. We also use Spring to wire everything up and Spring annotations for transaction management.
JSF XHTML Page->Conversion/Validation->Backing Bean->Service Layer->DAO->iBatis->JDBC->Oracle
I have a lot of respect for someone with a CS degree but we look at the degree last and sometimes not at all when we select a candidate.
I can tell by talking to a developer and asking specific questions based on what they have on their resume if they can walk the walk.
BSBA CIS from TESC, BA Natural Science/Math from TESC
MBA Applied Computer Science from NCU
Enrolled at NCU in the PhD Applied Computer Science