Re: Safe update and select queries against Fuseki with user input

Wed, 06 Jan 2016 03:49:32 -0800 

Thanks,



I looked into that one, however it says it shouldn’t be considered a safe 
solution. It’s more of a better-than-nothing.

Håvard



On 06/01/16 12:44, "Rob Vesse" <[email protected]> wrote:

>Please see the ParameterizedSparqlString class:
>
>http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/query/Para
>meterizedSparqlString.html
>
>
>See also the user documentation on this at:
>
>https://jena.apache.org/documentation/query/parameterized-sparql-strings.ht
>ml
>
>Rob
>
>On 06/01/2016 11:02, "Håvard Mikkelsen Ottestad"
><[email protected]> wrote:
>
>>Sorry about how that looked.
>>
>>Should look like this:
>>-----------------
>>
>>Hi,
>>
>>I know that it’s possible to do safe queries with Jena using a
>>QuerySolution for both update queries and select queries.
>>
>>Ex.
>>
>>UpdateExecutionFactory
>>
>>create(Update update, Dataset dataset, QuerySolution inputBinding)
>>
>>
>>
>>Is it possible to do something similar when running these queries against
>>Fuseki over HTTP?
>>
>>My scenario at the moment: Create a user with a username and email
>>provided by the user. To be safe, for SQL, I would use a prepared
>>statement. In Jena I would normally use a QuerySolution.
>>
>>Regards,
>>Håvard M. Ottestad
>>
>>
>>-----------------
>>
>>
>>
>>
>>
>>
>>
>>
>>On 06/01/16 11:42, "Håvard Mikkelsen Ottestad"
>><[email protected]> wrote:
>>
>>>Hi,
>>>
>>>I know that it’s possible to do safe queries with Jena using a
>>>QuerySolution for both update queries and select queries.
>>>
>>>Ex.
>>>
>>>UpdateExecutionFactory
>>>
>>>create<https://jena.apache.org/documentation/javadoc/arq/org/apache/jena/
>>>update/UpdateExecutionFactory.html#create-org.apache.jena.update.Update-o
>>>rg.apache.jena.query.Dataset-org.apache.jena.query.QuerySolution->(Update
>>><https://jena.apache.org/documentation/javadoc/arq/org/apache/jena/update
>>>/Update.html> update,
>>>Dataset<https://jena.apache.org/documentation/javadoc/arq/org/apache/jena
>>>/query/Dataset.html>
>>>dataset,QuerySolution<https://jena.apache.org/documentation/javadoc/arq/o
>>>rg/apache/jena/query/QuerySolution.html> inputBinding)
>>>
>>>Is it possible to do something similar when running these queries
>>>against Fuseki over HTTP?
>>>
>>>My scenario at the moment: Create a user with a username and email
>>>provided by the user. To be safe, for SQL, I would use a prepared
>>>statement. In Jena I would normally use a QuerySolution.
>>>
>>>Regards,
>>>Håvard M. Ottestad
>
>
>
>

Reply via email to