EODatabaseContext dbc = EOUtilities.databaseContextForModelNamed(ec, model.name());
EOSQLExpressionFactory sqlFactory = dbc.adaptorContext().adaptor().expressionFactory();

(adaptor().expressionFactory just calls plugIn().expressionFactory() for JDBC)

ms

On Nov 9, 2011, at 1:34 PM, Mike Schrag wrote:

> that's not exactly right ... you want to get an expression from an
> expressionfactory from your jdbcplugin implementation.
>
> ms
>
> On Nov 9, 2011, at 1:30 PM, Michael Gargano wrote:
>
>> So, for future posterity and to help myself again when I need it...
>>
>> EOEntity entity = EOUtilities.entityForClass(cdw, YourEntity.class);
>> JDBCExpression exp = new JDBCExpression(entity);
>> exp.setUseBindVariables(true);
>> exp.setStatement(sqlStatement);
>>
>> exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.UNIQUE_ID_KEY), ID));
>>
>> exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.YEAR_KEY), new NSTimestamp(year)));
>>
>> NSArray<NSDictionary> rows = ERXEOAccessUtilities.rawRowsForSQLExpression(cdw, "YourModelName", exp);
>>
>> And now, SQL injection attacks have been avoided and the planet is once
>> again safe!
>>
>> -Mike
>>
>> On Nov 8, 2011, at 2:29 PM, Michael Gargano wrote:
>>
>>> Okay, let me come at this one another way because this doesn't seem to be
>>> panning out at all. I want to write a complicated SQL query across
>>> multiple tables and return a bunch of columns across those tables as an
>>> array of dictionaries. I know EOUtilities.rawRowsForSQLExpression will do
>>> this, but I want to have the parameters I'm passing into my expression to
>>> be parameterized as to prevent SQL injection attacks.
>>>
>>> Any Ideas?
>>> Thanks.
>>> -Mike
>>>
>>> On Nov 8, 2011, at 11:52 AM, Michael Gargano wrote:
>>>
>>>> Hi,
>>>>
>>>> Does anyone have any examples of how to use
>>>> ERXSQLQueryWithBindingsUtilities.runSqlQueryWithBindings?
>>>>
>>>> Two questions:
>>>> 1) It seems like it should support named parameters since
>>>> ERXKeyValueBinding implements ERXSQLBinding, but I can't figure out how
>>>> the parameter placeholders should look in the query
>>>> 2) Since I couldn't figure out 1 (above) I was just using
>>>> ERXObjectBindings and the parameter placeholder '?'. It seems to like
>>>> this much better but when I pass a date in as a parameter it chokes on
>>>> postgresql.
>>>>
>>>> Anyone ever use this utility method?
>>>>
>>>> Much thanks.
>>>> -Mike
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Webobjects-dev mailing list ([email protected])
>>>> Help/Unsubscribe/Update your Subscription:
>>>> http://lists.apple.com/mailman/options/webobjects-dev/mgargano%40escholar.com
>>>>
>>>> This email sent to [email protected]
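The two messages in this thread combined, as an added example that is not code from either poster or from Project Wonder: the expression is obtained from the model's adaptor expression factory instead of `new JDBCExpression(entity)`, and the values are then bound as in the earlier snippet. The class name `BoundRawRows`, the SQL text and its table and column names are constructed; it assumes the plug-in uses `?` as its bind placeholder and binds values in the order the dictionaries are added.

```java
import com.webobjects.eoaccess.EOAttribute;
import com.webobjects.eoaccess.EODatabaseContext;
import com.webobjects.eoaccess.EOEntity;
import com.webobjects.eoaccess.EOSQLExpression;
import com.webobjects.eoaccess.EOSQLExpressionFactory;
import com.webobjects.eoaccess.EOUtilities;
import com.webobjects.eocontrol.EOEditingContext;
import com.webobjects.foundation.NSArray;
import com.webobjects.foundation.NSDictionary;
import er.extensions.eof.ERXEOAccessUtilities;

// Hypothetical helper class, not part of WebObjects or Project Wonder.
public class BoundRawRows {
    // Constructed query; table and column names are placeholders. Values appear
    // only as '?' markers (assumed placeholder) and are never concatenated in.
    static final String SQL =
        "SELECT t.name, o.total FROM your_table t JOIN other_table o ON o.t_id = t.id "
        + "WHERE t.unique_id = ? AND t.year = ?";

    @SuppressWarnings("unchecked")
    public static NSArray<NSDictionary> rows(EOEditingContext ec, String modelName,
            Class<?> entityClass, String[] attributeKeys, Object[] values) {
        if (attributeKeys.length != values.length) {
            throw new IllegalArgumentException("one value is required per attribute key");
        }
        EOEntity entity = EOUtilities.entityForClass(ec, entityClass);

        // Ask the adaptor (and so the JDBC plug-in) for its own expression class.
        EODatabaseContext dbc = EOUtilities.databaseContextForModelNamed(ec, modelName);
        EOSQLExpressionFactory factory = dbc.adaptorContext().adaptor().expressionFactory();
        EOSQLExpression exp = factory.expressionForEntity(entity);
        exp.setUseBindVariables(true);
        exp.setStatement(SQL);

        // Bind in the same order as the '?' markers in SQL (assumed positional).
        for (int i = 0; i < attributeKeys.length; i++) {
            EOAttribute attribute = entity.attributeNamed(attributeKeys[i]);
            if (attribute == null) {
                throw new IllegalArgumentException("no attribute named " + attributeKeys[i]);
            }
            exp.addBindVariableDictionary(
                exp.bindVariableDictionaryForAttribute(attribute, values[i]));
        }
        return ERXEOAccessUtilities.rawRowsForSQLExpression(ec, modelName, exp);
    }
}
```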
