[
https://issues.apache.org/jira/browse/ISIS-10?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dan Haywood closed ISIS-10.
---------------------------
> Properly use prepared statements instead of injecting values into "insert"
> and "update" SQL statements
> ------------------------------------------------------------------------------------------------------
>
> Key: ISIS-10
> URL: https://issues.apache.org/jira/browse/ISIS-10
> Project: Isis
> Issue Type: Improvement
> Components: Runtimes: Dflt: Objectstores: SQL
> Affects Versions: 0.1.2-incubating
> Reporter: Kevin Meyer
> Assignee: Kevin Meyer
> Priority: Minor
> Fix For: 0.2.0-incubating
>
> Original Estimate: 168h
> Time Spent: 12h
> Remaining Estimate: 40h
>
> At the moment, all "insert" and "update" commands use a fully formed SQL
> string with embedded values:
> "insert into SQLDATACLASS (PK_ID, color,date_time) values (2252,
> '0','2010-03-05 22:23:000000')".
> This should be updated to "insert into SQLDATACLASS (PK_ID, color,date_time)
> values (?,?,?)".
> This should also solve issues with quoting values such as (especially
> affecting DB2) quoting integer, float, etc, non-string values. DB2 is
> throwing an exception when integers and floats are quoted ('1') instead of
> (1).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
