I'm not sure why that is a problem? Any sort of prepared statement functionality is always going to be best effort and can only protect against attacks that the designers foresaw.

Rob

On 06/01/2016 11:48, "Håvard Mikkelsen Ottestad" <[email protected]> wrote:

>Thanks,
>
>I looked into that one, however it says it shouldn’t be considered a safe
>solution. It’s more of a better-than-nothing.
>
>Håvard
>
>On 06/01/16 12:44, "Rob Vesse" <[email protected]> wrote:
>
>>Please see the ParameterizedSparqlString class:
>>
>>http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/query/ParameterizedSparqlString.html
>>
>>See also the user documentation on this at:
>>
>>https://jena.apache.org/documentation/query/parameterized-sparql-strings.html
>>
>>Rob
>>
>>On 06/01/2016 11:02, "Håvard Mikkelsen Ottestad" <[email protected]> wrote:
>>
>>>Sorry about how that looked.
>>>
>>>Should look like this:
>>>-----------------
>>>
>>>Hi,
>>>
>>>I know that it’s possible to do safe queries with Jena using a
>>>QuerySolution for both update queries and select queries.
>>>
>>>Ex.
>>>
>>>UpdateExecutionFactory
>>>
>>>create(Update update, Dataset dataset, QuerySolution inputBinding)
>>>
>>>Is it possible to do something similar when running these queries
>>>against Fuseki over HTTP?
>>>
>>>My scenario at the moment: Create a user with a username and email
>>>provided by the user. To be safe, for SQL, I would use a prepared
>>>statement. In Jena I would normally use a QuerySolution.
>>>
>>>Regards,
>>>Håvard M. Ottestad
>>>
>>>-----------------
>>>
>>>On 06/01/16 11:42, "Håvard Mikkelsen Ottestad" <[email protected]> wrote:
>>>
>>>>Hi,
>>>>
>>>>I know that it’s possible to do safe queries with Jena using a
>>>>QuerySolution for both update queries and select queries.
>>>>
>>>>Ex.
>>>>
>>>>UpdateExecutionFactory
>>>>
>>>>create<https://jena.apache.org/documentation/javadoc/arq/org/apache/jena/update/UpdateExecutionFactory.html#create-org.apache.jena.update.Update-org.apache.jena.query.Dataset-org.apache.jena.query.QuerySolution->(Update<https://jena.apache.org/documentation/javadoc/arq/org/apache/jena/update/Update.html> update,
>>>>Dataset<https://jena.apache.org/documentation/javadoc/arq/org/apache/jena/query/Dataset.html> dataset,
>>>>QuerySolution<https://jena.apache.org/documentation/javadoc/arq/org/apache/jena/query/QuerySolution.html> inputBinding)
>>>>
>>>>Is it possible to do something similar when running these queries
>>>>against Fuseki over HTTP?
>>>>
>>>>My scenario at the moment: Create a user with a username and email
>>>>provided by the user. To be safe, for SQL, I would use a prepared
>>>>statement. In Jena I would normally use a QuerySolution.
>>>>
>>>>Regards,
>>>>Håvard M. Ottestad
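
An added example, not part of the thread and not Jena's own code: the create-user update from the original question, built with the ParameterizedSparqlString class referenced above and sent to a Fuseki update endpoint. The ex: vocabulary, user IRI, sample input and endpoint URL are assumptions (Jena 3.x on the classpath); because substitution is textual and done on the client, the code also checks the shape of the parsed update.

```java
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.sparql.modify.request.UpdateDataInsert;
import org.apache.jena.update.Update;
import org.apache.jena.update.UpdateExecutionFactory;
import org.apache.jena.update.UpdateRequest;

public class CreateUserUpdate {
    // Hypothetical vocabulary for this example; not from the thread.
    static final String TEMPLATE =
        "PREFIX ex: <http://example.org/ns#>\n" +
        "INSERT DATA {\n" +
        "  ?user a ex:User ;\n" +
        "        ex:username ?username ;\n" +
        "        ex:email ?email .\n" +
        "}";

    // Binds untrusted values as escaped literals instead of concatenating
    // them into the update text, then parses the result on the client.
    static UpdateRequest build(String userIri, String username, String email) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString(TEMPLATE);
        pss.setIri("user", userIri);          // generated by the application
        pss.setLiteral("username", username); // untrusted
        pss.setLiteral("email", email);       // untrusted
        UpdateRequest request = pss.asUpdate();
        // Defence in depth: the template is one INSERT DATA with three triples.
        // Any other shape means the input changed the update's structure.
        if (request.getOperations().size() != 1) {
            throw new IllegalArgumentException("unexpected number of operations");
        }
        Update op = request.getOperations().get(0);
        if (!(op instanceof UpdateDataInsert)
                || ((UpdateDataInsert) op).getQuads().size() != 3) {
            throw new IllegalArgumentException("unexpected update structure");
        }
        return request;
    }

    public static void main(String[] args) {
        // Constructed input that tries to close the literal and add a triple.
        String hostile = "alice\" ; ex:role \"admin";
        UpdateRequest request =
            build("http://example.org/user/1", hostile, "alice@example.org");
        System.out.println(request); // input stays inside one escaped literal
        // Sent only when an update endpoint is given, for example
        // http://localhost:3030/ds/update (assumed dataset name "ds").
        if (args.length == 1) {
            UpdateExecutionFactory.createRemote(request, args[0]).execute();
        }
    }
}
```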
