nieyankai removed a comment on issue #113:
URL: https://github.com/apache/incubator-age/issues/113#issuecomment-918047154
> I understood the question as "How can I attach properties and values to a
vertex if I don't know the properties beforehand". Are the properties
predefined (e.g., the user can enter some properties such as "name", "age",
"job" information, but no others), are is the user completely free to enter
data?
>
> I see two possible solutions (I assume the "system" you are talking about
consists of some application logic):
>
> 1. Parse the data entered by the user and construct the correct query
(specifically the part `name:$name, age: $age` in the example below) in your
application logic. Make sure to check if the properties ("name", "age", "job")
only contain certain characters (or if the allowed properties are predefined:
check if they are in this predefined list) to prevent [SQL
injections](https://en.wikipedia.org/wiki/SQL_injection). Example of a query
with properties "name" and "age":
>
> ```
> SELECT * from ag_catalog.cypher(
> 'people',
> $$ CREATE (nyk:person{name:$name, age: $age}) RETURN nyk, $1 $$
> ) as (v ag_catalog.agtype);
> ```
>
> where you then pass the values as json text string:
>
> ```
> '{"name": "Jane", "age": 35}'
> ```
>
> 1. Enter the data entered by the user as a map under a specific property
(e.g., "data"). I don't know if this has repercussions on the querying
performance. Example:
>
> ```
> SELECT * from ag_catalog.cypher(
> 'people',
> $$ CREATE (nyk:person{data:$data}) RETURN nyk, $1 $$
> ) as (v ag_catalog.agtype);
> ```
>
> with as parameter
>
> ```
> '{"data": {"name": "Jane", "age": 35}}'
> ```
> I understood the question as "How can I attach properties and values to a
vertex if I don't know the properties beforehand". Are the properties
predefined (e.g., the user can enter some properties such as "name", "age",
"job" information, but no others), are is the user completely free to enter
data?
>
> I see two possible solutions (I assume the "system" you are talking about
consists of some application logic):
>
> 1. Parse the data entered by the user and construct the correct query
(specifically the part `name:$name, age: $age` in the example below) in your
application logic. Make sure to check if the properties ("name", "age", "job")
only contain certain characters (or if the allowed properties are predefined:
check if they are in this predefined list) to prevent [SQL
injections](https://en.wikipedia.org/wiki/SQL_injection). Example of a query
with properties "name" and "age":
>
> ```
> SELECT * from ag_catalog.cypher(
> 'people',
> $$ CREATE (nyk:person{name:$name, age: $age}) RETURN nyk, $1 $$
> ) as (v ag_catalog.agtype);
> ```
>
> where you then pass the values as json text string:
>
> ```
> '{"name": "Jane", "age": 35}'
> ```
>
> 1. Enter the data entered by the user as a map under a specific property
(e.g., "data"). I don't know if this has repercussions on the querying
performance. Example:
>
> ```
> SELECT * from ag_catalog.cypher(
> 'people',
> $$ CREATE (nyk:person{data:$data}) RETURN nyk, $1 $$
> ) as (v ag_catalog.agtype);
> ```
>
> with as parameter
>
> ```
> '{"data": {"name": "Jane", "age": 35}}'
> ```
You got it. The property is not predefined, no one knows the property key
util the user enter it.
So the 2nd solution is a choice, but this will encounter another problem:
how to match the properties?
I want to use like this but I can't:
SELECT * from ag_catalog.cypher(
'people',
$$ MATCH(nyk:person{$key1:$value1,$key2:$value2....}) RETURN nyk, $1, $2,
$3, $4... $$
) as (v ag_catalog.agtype);
or
SELECT * from ag_catalog.cypher(
'people',
$$ MATCH(nyk:person{some map user entered}) RETURN nyk, $1 $$
) as (v ag_catalog.agtype);
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@age.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
