Onyx2406 commented on PR #3690: URL: https://github.com/apache/fineract/pull/3690#issuecomment-1912018474
> Hi @Onyx2406, can you pls elaborate a bit more how this is fixing something?
>
> The original implementation is also using a preparedstatement under the hood, only Sonar doesn't detect that, hence the // NOSONAR comment, but it's perfectly safe from SQL injection.
>
> Let me know.

@galovics Thank you for your insights and feedback on the PR. After considering your comments, I agree that the original implementation using jdbcTemplate.queryForRowSet, which internally uses a PreparedStatement, is sufficient for our needs and is safe from SQL injection concerns.

Given this, I am closing this PR.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
