On 01/07/15 07:17, Claude Warren wrote:
SelectBuilder sb = new SelectBuilder()
     .addVar( "*" )
     .addWhere( "?s", "?p", "?o" );
sb.setVar( Var.alloc( "?o" ), NodeFactory.createURI(
"http://xmlns.com/foaf/0.1/Person" ) ) ;
Query q = sb.build();

Hi Claude,

Should that be one of
  Var.alloc( "o" )
  Var.alloc(Var.canonical("?o"))

How does it compare to the corner cases in my first message?


There is at least one injection attack:

NodeFactory.createURI of

"http://xmlns.com/foaf/0.1/Person> . ?s ?q <http://example/ns";

Because it is string inclusion, jena-querybuilder needs to do the same checks that ParameterizedSparqlString does for URI. A check is needed on literals, but a different kind of test.

BTW:

and how do I add

OPTIONAL {
   ?s <q> 123 .
   ?s <v> ?x .
   FILTER(?x>56)
}
?

And for UNION, there seems to be a confusion because it takes a SelectBuilder (a subquery) but that's an SQL-ism, not SPARQL.

It seems to cause problems:

        SelectBuilder sb = new SelectBuilder().addVar("*") ;
        sb.addWhere("?s", "?p", "?o") ;
        SelectBuilder sb1 = new SelectBuilder().addVar("*") ;
        sb1.addWhere("?s", "?p", "?o") ;
        sb1.addUnion(sb1) ;
        Query q1 = sb1.build() ;
        String s1 = q1.toString() ;
        System.out.println(s1) ;

I get stack overflow.

UNION and OPTIONAL are similar - they take graph patterns.

        Andy
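
The IRI injection described in the message above, shown as an added example that is not part of the original thread and is not code from Jena or jena-querybuilder. The class and method names are hypothetical, the substitution is a plain-string stand-in for the builder, and the check applies only the lexical rule of the SPARQL 1.1 IRIREF production rather than reproducing what ParameterizedSparqlString does.

```java
import java.util.regex.Pattern;

public class IriInjectionCheck {
    // Characters the SPARQL 1.1 IRIREF production forbids between '<' and '>':
    // < > " { } | ^ ` \ and code points U+0000..U+0020.
    private static final Pattern FORBIDDEN =
            Pattern.compile("[<>\"{}|^`\\\\\\x00-\\x20]");

    /** Hypothetical helper: true if iri can be written as <iri> without ending the token early. */
    static boolean isSafeIri(String iri) {
        return iri != null && !FORBIDDEN.matcher(iri).find();
    }

    /** Naive string inclusion, the behaviour the message warns about. */
    static String substituteUnchecked(String query, String var, String iri) {
        return query.replace(var, "<" + iri + ">");
    }

    /** Same substitution, but refuses values that fail the IRIREF check. */
    static String substituteChecked(String query, String var, String iri) {
        if (!isSafeIri(iri)) {
            throw new IllegalArgumentException(
                    "IRI contains characters not allowed in IRIREF: " + iri);
        }
        return substituteUnchecked(query, var, iri);
    }

    public static void main(String[] args) {
        String template = "SELECT * WHERE { ?s ?p ?o }";
        String benign = "http://xmlns.com/foaf/0.1/Person";
        // The value quoted in the message: the '>' closes the IRI token early.
        String hostile = "http://xmlns.com/foaf/0.1/Person> . ?s ?q <http://example/ns";

        System.out.println(substituteChecked(template, "?o", benign));
        // Unchecked inclusion yields a query with a second triple pattern.
        System.out.println(substituteUnchecked(template, "?o", hostile));
        try {
            substituteChecked(template, "?o", hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check is lexical only: it stops a value from escaping the `<...>` token, and does not validate that the string is a well-formed IRI.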
