So, for future posterity and to help myself again when I need it...
// cdw is your EOEditingContext; sqlStatement is the SQL text with one '?' placeholder per bound value,
// in the order the bind dictionaries are added below.
EOEntity entity = EOUtilities.entityForClass(cdw, YourEntity.class);
JDBCExpression exp = new JDBCExpression(entity);
exp.setUseBindVariables(true);
exp.setStatement(sqlStatement);
// Binding through the entity attribute lets the adaptor convert each value to the column's type.
exp.addBindVariableDictionary(
    exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.UNIQUE_ID_KEY), ID));
exp.addBindVariableDictionary(
    exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.YEAR_KEY), new NSTimestamp(year)));
NSArray<NSDictionary> rows = ERXEOAccessUtilities.rawRowsForSQLExpression(cdw, "YourModelName", exp);
And now, SQL injection attacks have been avoided and the planet is once again safe!
-Mike
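To set the pattern from Mike's message beside the one it replaces, here is an added example (it is not code from the thread or from the WebObjects/Wonder project). It wraps the same JDBCExpression calls in one helper method and keeps the string-concatenation form of the statement next to it for contrast only. YourEntity, its UNIQUE_ID_KEY and YEAR_KEY constants and "YourModelName" are the placeholders from the thread; the table and column names, the class name and the method names are assumptions made up for this example. It assumes, as the thread's code does, that the JDBC adaptor uses '?' as its bind placeholder and applies bind dictionaries in the order they are added.

```java
import com.webobjects.eoaccess.EOEntity;
import com.webobjects.eoaccess.EOUtilities;
import com.webobjects.eocontrol.EOEditingContext;
import com.webobjects.foundation.NSArray;
import com.webobjects.foundation.NSDictionary;
import com.webobjects.foundation.NSTimestamp;
import com.webobjects.jdbcadaptor.JDBCExpression;
import er.extensions.eof.ERXEOAccessUtilities;

// Assumed class and method names; YourEntity and "YourModelName" are the thread's placeholders.
public class YourEntityReports {

    private static final String MODEL_NAME = "YourModelName";

    // The shape to avoid: the values are spliced into the SQL text, so whatever arrives in
    // 'id' is parsed as part of the statement rather than treated as data. Kept for contrast.
    static String unsafeStatement(String id, NSTimestamp year) {
        return "SELECT t1.unique_id, t1.year, t2.label FROM your_table t1 "
             + "JOIN other_table t2 ON t2.owner_id = t1.unique_id "
             + "WHERE t1.unique_id = '" + id + "' AND t1.year = '" + year + "'";
    }

    // Same query with a '?' placeholder per value; the values travel as bind variables,
    // so the statement text never changes with the input.
    static final String SAFE_STATEMENT =
          "SELECT t1.unique_id, t1.year, t2.label FROM your_table t1 "
        + "JOIN other_table t2 ON t2.owner_id = t1.unique_id "
        + "WHERE t1.unique_id = ? AND t1.year = ?";

    public static NSArray<NSDictionary> rowsFor(EOEditingContext ec, String id, NSTimestamp year) {
        EOEntity entity = EOUtilities.entityForClass(ec, YourEntity.class);
        JDBCExpression exp = new JDBCExpression(entity);
        exp.setUseBindVariables(true);
        exp.setStatement(SAFE_STATEMENT);
        // Bind each value through its entity attribute (the route Mike's follow-up takes),
        // so the adaptor converts it to the column's JDBC type, the timestamp included.
        // The order of these calls must match the order of the '?' placeholders above.
        exp.addBindVariableDictionary(
            exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.UNIQUE_ID_KEY), id));
        exp.addBindVariableDictionary(
            exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.YEAR_KEY), year));
        return ERXEOAccessUtilities.rawRowsForSQLExpression(ec, MODEL_NAME, exp);
    }
}
```

Only rowsFor should be called; unsafeStatement is there so the two statement shapes can be compared side by side.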
On Nov 8, 2011, at 2:29 PM, Michael Gargano wrote:
Okay, let me come at this one another way because this doesn't seem to be
panning out at all. I want to write a complicated SQL query across multiple
tables and return a bunch of columns across those tables as an array of
dictionaries. I know EOUtilities.rawRowsForSQLExpression will do this, but I
want the parameters I'm passing into my expression to be parameterized
so as to prevent SQL injection attacks.
Any ideas?
Thanks.
-Mike
On Nov 8, 2011, at 11:52 AM, Michael Gargano wrote:
Hi,
Does anyone have any examples of how to use
ERXSQLQueryWithBindingsUtilities.runSqlQueryWithBindings?
Two questions:
1) It seems like it should support named parameters since ERXKeyValueBinding
implements ERXSQLBinding, but I can't figure out how the parameter placeholders
should look in the query.
2) Since I couldn't figure out 1 (above), I was just using ERXObjectBindings and
the parameter placeholder '?'. It seems to like this much better, but when I
pass a date in as a parameter it chokes on PostgreSQL.
Anyone ever use this utility method?
Much thanks.
-Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list
([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/mgargano%40escholar.com
This email sent to [email protected]