Hi, I've been trying to do parametrised SPARQL queries (using the QuerySolutionMap class) against d2rq, and have found that the bindings are completely ignored. I feel this is a very important issue, as otherwise there is no safe way to use user input in a query without complex escaping and quoting logic on the application side.
I came up with a bit of a hack to solve this, modifying QueryEngineD2RQ -- does this look horrible or problematic? Was the inputBinding here dropped and replaced with an empty one for a reason that I've missed?

See https://gist.github.com/anonymous/f3f8c0b1a48af18cc67e

P.S. There's also (just as an aside, it needs more work) a patch to Joseki on that gist, that enables basic use of query parameters on the /sparql endpoint in d2r-server. It means you can do GET /sparql?query=...&foo=123&foo_type=integer and ?foo within the query will be bound safely as "123"^^xsd:integer, without having to worry about quoting or escaping anything in foo (aside from making it URL-safe, of course).

Thanks,
Alex W.
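Added example, not part of the original message or of the D2RQ code base: a small check that a Jena query engine honours an initial binding passed through QuerySolutionMap, which is the behaviour the message reports as missing. It assumes the Jena 2.x package names (com.hp.hpl.jena.*) that D2RQ builds against; the class name, namespace, query and sample data are constructed for illustration.

```java
import com.hp.hpl.jena.datatypes.xsd.XSDDatatype;
import com.hp.hpl.jena.query.*;
import com.hp.hpl.jena.rdf.model.*;

public class BoundParameterCheck {
    static final String NS = "http://example.org/";   // constructed namespace
    // ?foo is the parameter; user input is never spliced into this text.
    static final String QUERY = "SELECT ?s WHERE { ?s <" + NS + "size> ?foo }";

    /** Runs QUERY with ?foo pre-bound to userInput as xsd:integer; returns the row count. */
    static int countBound(Model model, String userInput) {
        // Check the lexical form explicitly rather than relying on
        // literal construction to reject an ill-formed value.
        if (!XSDDatatype.XSDinteger.isValid(userInput))
            throw new IllegalArgumentException("not an xsd:integer: " + userInput);
        QuerySolutionMap binding = new QuerySolutionMap();
        binding.add("foo", ResourceFactory.createTypedLiteral(userInput, XSDDatatype.XSDinteger));
        QueryExecution qe = QueryExecutionFactory.create(QueryFactory.create(QUERY), model, binding);
        try {
            ResultSet rs = qe.execSelect();
            int rows = 0;
            while (rs.hasNext()) { rs.next(); rows++; }
            return rows;
        } finally {
            qe.close();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: two resources with different sizes.
        Model model = ModelFactory.createDefaultModel();
        Property size = model.createProperty(NS, "size");
        model.createResource(NS + "a").addProperty(size, model.createTypedLiteral("123", XSDDatatype.XSDinteger));
        model.createResource(NS + "b").addProperty(size, model.createTypedLiteral("456", XSDDatatype.XSDinteger));

        // One row when the binding is honoured; two would mean ?foo was left unbound.
        int rows = countBound(model, "123");
        System.out.println(rows == 1 ? "binding honoured" : "binding ignored: " + rows + " rows");

        // Input that is not a valid integer is rejected before it reaches the engine.
        try {
            countBound(model, "12abc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Passing a D2RQ-backed Model to countBound instead of the in-memory one turns this into a regression check for the behaviour described in the message.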