[
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17149358#comment-17149358
]
Manthan Surkar commented on FINERACT-1058:
------------------------------------------
[~vorburger] I have noticed a problem: our final aim here is to remove all use
of the validateSQLinput function (right?). In that case, we cannot use the function
*this.columnValidator.validateSqlInjection(sqlBuilder.toString(),
parameters.orderBySql());* since this function then calls validateSQLinput
(which is the current implementation). This also happens in audit trails (which
we initially fixed and I am taking as a base to work on other sections).
Should I be focused on removing the validateSqlInjection function (which calls
validateSQLinput), which would then mean changes in about 25-30 files,
converting all order by and limit as called by the new approach? Or just clean
up the use of extra criteria with prepared statements (which was done with
audit trails)?
> Add support for "limit" and "order by" query in SQLBuilder
> -----------------------------------------------------------
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Manthan Surkar
> Assignee: Manthan Surkar
> Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in
> https://github.com/apache/fineract/pull/725
> The SQL builder currently does not support limit and order by operation. We
> can either keep the operations independent of SQLbuilder (which is certainly
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]
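
Added example, not part of the original message and not Fineract's SQLBuilder code: one way to append "order by" and "limit" without string validation, by mapping the sort key through an allow-list and binding the limit values as parameters. The class name PagedQuery, the table and column names, and the 500-row cap are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Hypothetical helper for illustration; not Fineract's SQLBuilder.
public final class PagedQuery {
    // Constructed allow-list: API sort key -> fixed column expression.
    private static final Map<String, String> SORTABLE = Map.of(
            "id", "aud.id",
            "madeOn", "aud.made_on_date",
            "action", "aud.action_name");
    private static final int MAX_LIMIT = 500; // assumed cap

    private final StringBuilder sql;
    private final List<Object> args = new ArrayList<>();

    public PagedQuery(String baseSelect, Object... baseArgs) {
        this.sql = new StringBuilder(baseSelect);
        this.args.addAll(List.of(baseArgs));
    }

    // Column names and ASC/DESC cannot be bind parameters, so only fixed literals are appended.
    public PagedQuery orderBy(String sortKey, String direction) {
        String column = sortKey == null ? null : SORTABLE.get(sortKey);
        if (column == null) throw new IllegalArgumentException("unsupported sort key");
        sql.append(" ORDER BY ").append(column)
           .append("DESC".equalsIgnoreCase(direction) ? " DESC" : " ASC");
        return this;
    }

    // LIMIT and OFFSET are integers, so they are bound like any other parameter.
    public PagedQuery limit(int limit, int offset) {
        if (limit < 1 || limit > MAX_LIMIT || offset < 0) throw new IllegalArgumentException("bad page");
        sql.append(" LIMIT ? OFFSET ?");
        args.add(limit);
        args.add(offset);
        return this;
    }

    public String sql() { return sql.toString(); }
    public List<Object> args() { return List.copyOf(args); }

    public static void main(String[] unused) {
        PagedQuery q = new PagedQuery("SELECT aud.id FROM audit_entry aud WHERE aud.maker_id = ?", 7L)
                .orderBy("madeOn", "desc").limit(20, 40);
        System.out.println(q.sql() + " " + q.args());
        try { // constructed input that is not an allow-listed key
            new PagedQuery("SELECT aud.id FROM audit_entry aud").orderBy("id desc, extra", "asc");
        } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The resulting sql() and args() are meant to be passed together to a prepared statement, so no caller-supplied text reaches the SQL string.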