Hi Vijay,

The risk of SQL injection is eliminated in both cases because MetaModel
ensures the proper quoting of any value. It is not related to whether you
use compiled queries or not.

In the world of relational databases, a "compiled query" translates into a
prepared statement that can be reused again and again. See
http://wiki.apache.org/metamodel/examples/CompiledQueries for details on
the concept.

Regular/uncompiled queries are passed to the database in one go and then
forgotten. Many times that works just fine, and is a sensible default. But
if you have the same type of query being fired again and again, then it
typically makes sense to compile it.

Best regards,

2016-10-13 12:02 GMT-07:00 Vijay Kumar Jalagari <jalag...@adobe.com>:

> Hi,
> According to API document compiled query is for provide optimized
> execution speed but if we are using SatisfiedQueryBuilder is there any
> chances of SQL injection?
> What is advantage of SatistiedQueryBuilder over compiled query?
> Regards,
> Vijay Kumar J

Reply via email to