Preventing SQL Injection In Ibatis

Is there anything built into Ibatis that helps prevent SQL Injection attacks? I'm not looking for a list of ways outside of Ibatis to do this, and am just wondering 开发者_开发百科if Ibatis has anything to prevent SQL Injection.

IBatis uses JDBC prepared statements under the hood and is therefore safe. However this only applies if your use the # notation. It's also possible to concat variables directly into your query using the $ notation which is not safe (unless you escape them). See this article for background info.

I'd guess iBatis is using prepared statements, and parameter binding, so it's safe.