Hi Vijay,

The risk of SQL injection is eliminated in both cases because MetaModel
ensures the proper quoting of any value. It is not related to whether you
use compiled queries or not.

In the world of relational databases, a "compiled query" translates into a
prepared statement that can be reused again and again. See
http://wiki.apache.org/metamodel/examples/CompiledQueries for details on
the concept.

Regular/uncompiled queries are passed to the database in one go and then
forgotten. Many times that works just fine, and is a sensible default. But
if you have the same type of query being fired again and again, then it
typically makes sense to compile it.

Best regards,
Kasper

2016-10-13 12:02 GMT-07:00 Vijay Kumar Jalagari <jalag...@adobe.com>:

> Hi,
>
> According to the API document, a compiled query is for providing optimized
> execution speed, but if we are using SatisfiedQueryBuilder are there any
> chances of SQL injection?
>
> What is the advantage of SatisfiedQueryBuilder over a compiled query?
>
>
> Regards,
> Vijay Kumar J
>
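
The two execution paths discussed in this thread, side by side, as an added example that is not part of the original mail or of the MetaModel project's code. It assumes Apache MetaModel's JDBC module and an H2 in-memory database on the classpath; the table, the class name and the sample values are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
import org.apache.metamodel.DataContext;
import org.apache.metamodel.data.DataSet;
import org.apache.metamodel.jdbc.JdbcDataContext;
import org.apache.metamodel.query.CompiledQuery;
import org.apache.metamodel.query.Query;
import org.apache.metamodel.query.QueryParameter;

public class CompiledQueryDemo {
    // Constructed inputs: an ordinary name and one carrying a quote plus SQL syntax.
    static final String[] NAMES = { "alice", "x' OR '1'='1" };

    static int count(DataSet ds) {
        try (DataSet d = ds) {            // closes the data set when done
            int n = 0;
            while (d.next()) n++;
            return n;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: H2 driver available; any JDBC database would do.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE users (id INT, name VARCHAR(64))");
                st.execute("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
            }
            DataContext dc = new JdbcDataContext(con);
            // Compiled once: the value position is a QueryParameter placeholder.
            Query template = dc.query().from("USERS").select("ID")
                    .where("NAME").isEquals(new QueryParameter()).toQuery();
            try (CompiledQuery compiled = dc.compileQuery(template)) {
                for (String name : NAMES) {
                    // Uncompiled: built with the value, sent in one go, then forgotten.
                    Query once = dc.query().from("USERS").select("ID")
                            .where("NAME").isEquals(name).toQuery();
                    int uncompiled = count(dc.executeQuery(once));
                    // Compiled: the same statement is reused, the value is passed per call.
                    int reused = count(dc.executeQuery(compiled, name));
                    System.out.printf("%-14s uncompiled=%d compiled=%d%n", name, uncompiled, reused);
                }
            }
        }
    }
}
```

Comparing the two counts for each input shows whether the value was treated as data on both paths; a count other than zero for the second input would mean the quote changed the query.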
