A great way to handle this is to use additional technology like DB2Rest to
automatically create an API endpoint for your database and then work with
the URL parameters. I can attest that it’s already being used by large
companies to migrate legacy databases and enable fast frontend
development. The bonus is that it mitigates SQL injection because it uses
prepared statements, and it also becomes an automatic API gateway for your
database.

https://db2rest.com

Thad
https://www.linkedin.com/in/thadguidry/
https://calendly.com/thadguidry/


On Thu, Nov 14, 2024 at 11:57 PM hansva (via GitHub) <[email protected]> wrote:

>
> GitHub user hansva added a comment to the discussion: How to get data from
> a database with a constructed query?
>
> This is where you hit the limits of what is possible.
> You could indeed compose the query, insert it in a Hop variable, and use
> that variable to execute the query, but as you have stated, this would allow
> any part of the query to be modified.
> Prepared statements, on the other hand, are a safe way to inject values into
> a query, but they can't be used to modify the statement at runtime.
>
> What I have done in the past, if the goal is to enable/disable specific
> filters in the where clause, is adding a void condition:
>
> ```
> Select * from my_table
> where
> (field = ? or 1=?)
> ```
>
> By providing a 0 or 1 in the second position, you essentially enable or
> disable that condition.
>
>
> GitHub link:
> https://github.com/apache/hop/discussions/4566#discussioncomment-11256468
>
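
The toggle pattern from the quoted comment, extended to two optional filters, as an added example that is not part of the original thread or of Apache Hop. It uses Python's `sqlite3` for a runnable demonstration; the column names (`status`, `region`), the rows, and the `search` helper are constructed for illustration.

```python
import sqlite3

# Fixed statement text: only bound values change between calls.
# Each filter uses the "(field = ? or 1 = ?)" shape from the thread; the
# column names (status, region) and the rows are constructed for this example.
QUERY = """
SELECT id FROM my_table
WHERE (status = ? OR 1 = ?)
  AND (region = ? OR 1 = ?)
ORDER BY id
"""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE my_table (id INTEGER, status TEXT, region TEXT)")
    conn.executemany(
        "INSERT INTO my_table VALUES (?, ?, ?)",
        [(1, "open", "eu"), (2, "closed", "eu"), (3, "open", "us")],
    )
    return conn

def search(conn, status=None, region=None):
    """None disables a filter by binding 1 to its switch; otherwise bind 0."""
    params = []
    for value in (status, region):
        # A disabled filter still needs some value bound to its first "?".
        params += ["" if value is None else value, 1 if value is None else 0]
    return [row[0] for row in conn.execute(QUERY, params)]

if __name__ == "__main__":
    conn = make_db()
    print(search(conn))                              # both filters off
    print(search(conn, status="open"))               # one filter on
    print(search(conn, status="open", region="us"))  # both filters on
    # Bound text is compared as data and never parsed as SQL.
    print(search(conn, status="x' OR '1'='1"))
```

The switch values are set by the code, not by the caller, so user input only ever reaches the value placeholders.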
