[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

Mon, 29 Jun 2020 13:10:00 -0700 


    [ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148115#comment-17148115
 ] 

Michael Vorburger commented on FINERACT-1058:
---------------------------------------------

[~Manthan] I envisioned 
{{org.apache.fineract.infrastructure.security.utils.SQLBuilder}} to mainly ;) 
be a (quote from JavaDoc) _Utility to assemble the WHERE clause of an SQL query 
without the risk of SQL injection._... but I was assuming that _LIMIT_ and 
_ORDER BY_ operations are typically fixed, and don't come from parameters - is 
that a fair assumption, or have you come across code where that's not so? I 
guess sometimes they could be user supplied... so then for those cases this 
idea makes perfect sense!

The "danger" is that SQLBuilder becomes more complex - something like the full 
SQL from FINERACT-1054, with the {{JOIN}} etc. couldn't easily be constructed 
with the SQLBuilder - only parts of something like that, and that's totally 
fine (this is just for illustration, in that particular case, it's a 
{{RowMapper}}, so no SQLBuilder required theere at all). But just adding 
support for LIMIT_ and _ORDER BY_ is probably OK - go for it! Best is to 
directly illustrate how you would use it in one case in the same PR you raise 
for introducing it (and add test coverage into the existing {{SQLBuilderTest}}).

> Add support for "limit" and "order by" query in SQLBuilder 
> -----------------------------------------------------------
>
>                 Key: FINERACT-1058
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1058
>             Project: Apache Fineract
>          Issue Type: Improvement
>            Reporter: Manthan Surkar
>            Assignee: Manthan Surkar
>            Priority: Major
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to