Properly use prepared statements instead of injecting values into "insert" and
"update" SQL statements
------------------------------------------------------------------------------------------------------
Key: ISIS-10
URL: https://issues.apache.org/jira/browse/ISIS-10
Project: Isis
Issue Type: Improvement
Components: Alternatives: ObjectStore: SQL
Affects Versions: 0.1
Reporter: Kevin Meyer
Assignee: Kevin Meyer
Priority: Minor

At the moment, all "insert" and "update" commands use a fully formed SQL string
with embedded values:
"insert into SQLDATACLASS (PK_ID, color,date_time) values (2252, '0','2010-03-05 22:23:000000')".

This should be updated to:
"insert into SQLDATACLASS (PK_ID, color,date_time) values (?,?,?)".

This should also solve issues with quoting non-string values such as integer,
float, etc. (especially affecting DB2). DB2 is throwing an exception when
integers and floats are quoted ('1') instead of (1).
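
The change requested above, as an added example that is not part of the original issue and is not Isis code: it uses Python's sqlite3 module as a stand-in for the Java/JDBC object store, and the function names are hypothetical. It shows that a bound integer keeps its type while the quoted form becomes text, and that a value containing a quote breaks the embedded statement but not the bound one.

```python
import sqlite3

TABLE = "SQLDATACLASS"
COLUMNS = ("PK_ID", "color", "date_time")  # table and columns from the issue text

def embedded_insert(values):
    """'Before' form: every value is quoted and embedded in the SQL string."""
    quoted = ", ".join("'%s'" % v for v in values)
    return "insert into %s (%s) values (%s)" % (TABLE, ", ".join(COLUMNS), quoted)

def placeholder_insert():
    """'After' form: one ? per column; values travel separately from the SQL."""
    marks = ", ".join("?" for _ in COLUMNS)
    return "insert into %s (%s) values (%s)" % (TABLE, ", ".join(COLUMNS), marks)

def run_demo():
    conn = sqlite3.connect(":memory:")
    # Assumption: columns are left untyped so SQLite stores each value with
    # the type it was handed, which makes the quoting difference visible.
    conn.execute("create table %s (%s)" % (TABLE, ", ".join(COLUMNS)))
    stamp = "2010-03-05 22:23:000000"
    # Constructed sample rows; the first mirrors the values in the issue.
    conn.execute(embedded_insert((2252, "0", stamp)))
    conn.execute(placeholder_insert(), (2253, "0", stamp))
    types = [t for (t,) in conn.execute(
        "select typeof(PK_ID) from %s order by rowid" % TABLE)]
    tricky = (2254, "Kevin's red", stamp)  # constructed value containing a quote
    try:
        conn.execute(embedded_insert(tricky))
        embedded_failed = False
    except sqlite3.OperationalError:
        embedded_failed = True  # the stray quote ends the string literal early
    conn.execute(placeholder_insert(), tricky)
    stored = conn.execute(
        "select color from %s where PK_ID = ?" % TABLE, (2254,)).fetchone()[0]
    conn.close()
    return {"types": types, "embedded_failed": embedded_failed, "stored": stored}

if __name__ == "__main__":
    print(placeholder_insert())
    print(run_demo())
```

SQLite tolerates the quoted integer and simply stores it as text; a database with strict typing rejects it, which is the DB2 exception the issue describes.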