that's not exactly right ... you want to get an expression from an expressionfactory from your jdbcplugin implementation.
ms

On Nov 9, 2011, at 1:30 PM, Michael Gargano wrote:

> So, for future posterity and to help myself again when I need it...
>
> EOEntity entity = EOUtilities.entityForClass(cdw, YourEntity.class);
> JDBCExpression exp = new JDBCExpression(entity);
> exp.setUseBindVariables(true);
> exp.setStatement(sqlStatement);
>
> exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.UNIQUE_ID_KEY), ID));
>
> exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.YEAR_KEY), new NSTimestamp(year)));
>
> NSArray<NSDictionary> rows = ERXEOAccessUtilities.rawRowsForSQLExpression(cdw, "YourModelName", exp);
>
> And now, SQL injection attacks have been avoided and the planet is once again
> safe!
>
> -Mike
>
> On Nov 8, 2011, at 2:29 PM, Michael Gargano wrote:
>
>> Okay, let me come at this one another way because this doesn't seem to be
>> panning out at all. I want to write a complicated SQL query across multiple
>> tables and return a bunch of columns across those tables as an array of
>> dictionaries. I know EOUtilities.rawRowsForSQLExpression will do this, but
>> I want to have the parameters I'm passing into my expression to be
>> parameterized as to prevent SQL injection attacks.
>>
>> Any Ideas?
>> Thanks.
>> -Mike
>>
>> On Nov 8, 2011, at 11:52 AM, Michael Gargano wrote:
>>
>>> Hi,
>>>
>>> Does anyone have any examples of how to use
>>> ERXSQLQueryWithBindingsUtilities.runSqlQueryWithBindings?
>>>
>>> Two questions:
>>> 1) It seems like it should support named parameters since
>>> ERXKeyValueBinding implements ERXSQLBinding, but I can't figure out how the
>>> parameter placeholders should look in the query
>>> 2) Since I couldn't figure out 1 (above) I was just using
>>> ERXObjectBindings and the parameter placeholder '?'. It seems to like this
>>> much better but when I pass a date in as a parameter it chokes on
>>> postgresql.
>>>
>>> Anyone ever use this utility method?
>>>
>>> Much thanks.
>>> -Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to [email protected]
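
One way to read the reply at the top of this thread, as an added example that is not code from the thread or from Project Wonder: ask the adaptor's expression factory for the expression instead of instantiating JDBCExpression directly, so the database plugin's own expression subclass builds the bind variable dictionaries. BoundRawRows and fetch are hypothetical names, and the code assumes the "?" placeholders are bound in the order the dictionaries are added, as in the quoted message.

```java
import com.webobjects.eoaccess.EOAttribute;
import com.webobjects.eoaccess.EODatabaseContext;
import com.webobjects.eoaccess.EOEntity;
import com.webobjects.eoaccess.EOSQLExpression;
import com.webobjects.eoaccess.EOSQLExpressionFactory;
import com.webobjects.eoaccess.EOUtilities;
import com.webobjects.eocontrol.EOEditingContext;
import com.webobjects.foundation.NSArray;
import com.webobjects.foundation.NSDictionary;
import er.extensions.eof.ERXEOAccessUtilities;

// Hypothetical helper (not part of WebObjects or Wonder).
public class BoundRawRows {

    /**
     * Runs hand-written SQL with "?" placeholders and returns raw rows.
     * attributeNames[i] names the entity attribute whose column type
     * describes values[i]; user input goes only into values, never into sql.
     */
    public static NSArray<NSDictionary> fetch(EOEditingContext ec, String modelName,
            Class<?> entityClass, String sql, String[] attributeNames, Object[] values) {
        if (attributeNames.length != values.length) {
            throw new IllegalArgumentException("one value per attribute name is required");
        }
        EOEntity entity = EOUtilities.entityForClass(ec, entityClass);

        // The factory comes from the adaptor behind the model, so the
        // expression is the subclass supplied by the active JDBC plugin.
        EODatabaseContext dbc = EOUtilities.databaseContextForModelNamed(ec, modelName);
        EOSQLExpressionFactory factory = dbc.database().adaptor().expressionFactory();
        EOSQLExpression exp = factory.expressionForEntity(entity);

        exp.setUseBindVariables(true);
        exp.setStatement(sql);

        // Assumption: dictionaries are bound to the "?" markers in this order.
        for (int i = 0; i < values.length; i++) {
            EOAttribute attribute = entity.attributeNamed(attributeNames[i]);
            if (attribute == null) {
                throw new IllegalArgumentException("unknown attribute: " + attributeNames[i]);
            }
            exp.addBindVariableDictionary(
                    exp.bindVariableDictionaryForAttribute(attribute, values[i]));
        }
        return ERXEOAccessUtilities.rawRowsForSQLExpression(ec, modelName, exp);
    }
}
```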
