[
https://issues.apache.org/jira/browse/JENA-1578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16562066#comment-16562066
]
ASF GitHub Bot commented on JENA-1578:
--------------------------------------
Github user GregAlbiston commented on the issue:
https://github.com/apache/jena/pull/449
I've made updates to try and address the comments made so far.
- Now using _FmtUtils.stringForNode_ for conversion of RDFNode to
replacement string.
- Local method _validateParameterValue_ now used as values are being set to
prevent injection attack.
- Local method _validateSafeToInject_ now used when the query is being
parsed to prevent injection attack. This is called on each of the target variables
for each relevant item, i.e. not the varName supplied for the substitution but
the variable in the VALUES clause of the query that will be evaluated.
- The need for parentheses is now determined when the query is being parsed
based on number of target variables in the VALUES clause and then, for a single
target variable, the presence of parentheses in the query.
- Updated tests, removed methods no longer required and added additional
JavaDoc comments.
Thanks,
Greg
> SPARQL VALUES for ParameterizedSparqlString
> -------------------------------------------
>
> Key: JENA-1578
> URL: https://issues.apache.org/jira/browse/JENA-1578
> Project: Apache Jena
> Issue Type: New Feature
> Components: ARQ
> Affects Versions: Jena 3.8.0
> Reporter: Greg Albiston
> Priority: Minor
>
> ParameterizedSparqlString provides an API for substituting variables within
> SPARQL queries with bound values. It does not support the SPARQL VALUES
> keyword which allows multiple values to be specified. The VALUES syntax
> supports multiple values for a single variable, sets of values for multiple
> variables and multiple sets of values for multiple values.
> Inquiry on 24/07/18 to the mailing list about this feature. Patch is forthcoming.
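
The idea behind validating values before they are placed in a VALUES clause, as an added example that is not part of the original message or of the Jena pull request. It uses only the JDK; the class `ValuesClauseDemo` and its methods `literal`, `iri` and `values` are hypothetical and do not reproduce `validateParameterValue`, `validateSafeToInject` or `FmtUtils.stringForNode`.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class ValuesClauseDemo {
    // Conservative ASCII subset of the SPARQL VARNAME production (assumption of this example).
    private static final Pattern VAR = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");
    // Characters the SPARQL IRIREF production forbids between '<' and '>'.
    private static final Pattern BAD_IRI = Pattern.compile("[\\x00-\\x20<>\"{}|^`\\\\]");

    /** Serialise text as a double-quoted SPARQL string literal, escaping every delimiter. */
    static String literal(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\"); break;
                case '"':  sb.append("\\\""); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                default:   sb.append(c);
            }
        }
        return sb.append('"').toString();
    }

    /** Serialise an IRI, rejecting (not escaping) anything that could end the token. */
    static String iri(String s) {
        if (BAD_IRI.matcher(s).find())
            throw new IllegalArgumentException("Illegal character in IRI: " + s);
        return "<" + s + ">";
    }

    /** Build a single-variable VALUES block from terms produced by literal() or iri(). */
    static String values(String varName, List<String> terms) {
        if (!VAR.matcher(varName).matches())
            throw new IllegalArgumentException("Bad variable name: " + varName);
        return "VALUES ?" + varName + " { " + String.join(" ", terms) + " }";
    }

    public static void main(String[] args) {
        // Constructed input: the second value tries to close the literal and the VALUES block.
        List<String> names = List.of("Alice", "Bob\" } ?s ?p ?o . #");
        List<String> terms = names.stream().map(ValuesClauseDemo::literal).collect(Collectors.toList());
        System.out.println("SELECT * WHERE { " + values("name", terms) + " ?s ?p ?name }");
        try { iri("http://example.org/a> } #"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the quote in the second value is escaped, it stays inside the literal and the braces after it are parsed as string content rather than as query syntax.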