Daryl Teo created NIFI-978:
------------------------------
Summary: Support parameterized prepared statements in ExecuteSQL
Key: NIFI-978
URL: https://issues.apache.org/jira/browse/NIFI-978
Project: Apache NiFi
Issue Type: Improvement
Reporter: Daryl Teo
Priority: Minor
PutSQL and ExecuteSQL are highly inconsistent and leads to confusion.
- PutSQL relies on FlowFile content to execute it's statement.
- ExecuteSQL relies on SQL Select Command attribute
- PutSQL supports parameterized statements through sql.args attributes
- ExecuteSQL relies on Expression Language to insert dynamic properties
The reliance on expression language for ExecuteSQL may also lead to potential
SQL injection if one is not careful as it is a string replacement.
Therefore in the interest of reliability and consistency I highly recommend
that the SQL processors be standardised.
Note: I prefer the sql command attribute for running SQL as opposed to the
(lower visibility) content based command specification. Having the query
attribute of ExecuteSQL, with the sql.args attributes of PutSQL would be a
great improvement. If you support this, I will create a new issue in Jira.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
