I actually was instantiating PostgresqlExpression in my code, but I cleaned it up for the e-mail. This is nifty to keep it database agnostic though. Thanks!
-Mike

On Nov 9, 2011, at 1:38 PM, Mike Schrag wrote:

    EODatabaseContext dbc = EOUtilities.databaseContextForModelNamed(ec, model.name());
    EOSQLExpressionFactory sqlFactory = dbc.adaptorContext().adaptor().expressionFactory();

(adaptor().expressionFactory just calls plugIn().expressionFactory() for JDBC)

ms

On Nov 9, 2011, at 1:34 PM, Mike Schrag wrote:

that's not exactly right ... you want to get an expression from an expressionfactory from your jdbcplugin implementation.

ms

On Nov 9, 2011, at 1:30 PM, Michael Gargano wrote:

So, for future posterity and to help myself again when I need it...

    EOEntity entity = EOUtilities.entityForClass(cdw, YourEntity.class);
    JDBCExpression exp = new JDBCExpression(entity);
    exp.setUseBindVariables(true);
    exp.setStatement(sqlStatement);
    exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.UNIQUE_ID_KEY), ID));
    exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.YEAR_KEY), new NSTimestamp(year)));
    NSArray<NSDictionary> rows = ERXEOAccessUtilities.rawRowsForSQLExpression(cdw, "YourModelName", exp);

And now, SQL injection attacks have been avoided and the planet is once again safe!

-Mike

On Nov 8, 2011, at 2:29 PM, Michael Gargano wrote:

Okay, let me come at this one another way because this doesn't seem to be panning out at all.

I want to write a complicated SQL query across multiple tables and return a bunch of columns across those tables as an array of dictionaries. I know EOUtilities.rawRowsForSQLExpression will do this, but I want to have the parameters I'm passing into my expression to be parameterized as to prevent SQL injection attacks.

Any Ideas?

Thanks.
-Mike

On Nov 8, 2011, at 11:52 AM, Michael Gargano wrote:

Hi,

Does anyone have any examples of how to use ERXSQLQueryWithBindingsUtilities.runSqlQueryWithBindings?

Two questions:

1) It seems like it should support named parameters since ERXKeyValueBinding implements ERXSQLBinding, but I can't figure out how the parameter placeholders should look in the query

2) Since I couldn't figure out 1 (above) I was just using ERXObjectBindings and the parameter placeholder '?'. It seems to like this much better but when I pass a date in as a parameter it chokes on postgresql.

Anyone ever use this utility method?

Much thanks.
-Mike

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/mgargano%40escholar.com
This email sent to [email protected]
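The two fragments from the thread combined into one database-agnostic helper, as an added example that is not part of the original messages: the expression comes from the adaptor's expression factory instead of `new JDBCExpression(...)`, and the `?` markers in the statement are taken from the bind dictionaries. The class name, attribute keys, table and column names are hypothetical, and the `er.extensions.eof` package path assumes a recent Project Wonder.

```java
import com.webobjects.eoaccess.EODatabaseContext;
import com.webobjects.eoaccess.EOEntity;
import com.webobjects.eoaccess.EOSQLExpression;
import com.webobjects.eoaccess.EOSQLExpressionFactory;
import com.webobjects.eoaccess.EOUtilities;
import com.webobjects.eocontrol.EOEditingContext;
import com.webobjects.foundation.NSArray;
import com.webobjects.foundation.NSDictionary;
import com.webobjects.foundation.NSTimestamp;
import er.extensions.eof.ERXEOAccessUtilities;

public class BoundRawRows {
    // Hypothetical attribute keys; substitute the ones from your own model.
    static final String UNIQUE_ID_KEY = "uniqueId";
    static final String YEAR_KEY = "year";

    public static NSArray<NSDictionary> rowsFor(EOEditingContext ec, Class<?> entityClass,
                                                Object id, NSTimestamp year) {
        EOEntity entity = EOUtilities.entityForClass(ec, entityClass);
        String modelName = entity.model().name();

        // Let the adaptor (and so the JDBC plug-in) pick the expression class,
        // so no PostgresqlExpression or JDBCExpression is named in application code.
        EODatabaseContext dbc = EOUtilities.databaseContextForModelNamed(ec, modelName);
        EOSQLExpressionFactory sqlFactory = dbc.adaptorContext().adaptor().expressionFactory();
        EOSQLExpression exp = sqlFactory.expressionForEntity(entity);
        exp.setUseBindVariables(true);

        // One bind dictionary per value; the attribute supplies the column type.
        NSDictionary idBinding =
            exp.bindVariableDictionaryForAttribute(entity.attributeNamed(UNIQUE_ID_KEY), id);
        NSDictionary yearBinding =
            exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YEAR_KEY), year);
        String idMark = (String) idBinding.objectForKey(EOSQLExpression.BindVariablePlaceHolderKey);
        String yearMark = (String) yearBinding.objectForKey(EOSQLExpression.BindVariablePlaceHolderKey);

        // The statement text carries only placeholders, never the caller's values.
        // Table and column names below are constructed for illustration.
        exp.setStatement("SELECT t.name, s.score FROM your_table t "
            + "JOIN your_scores s ON s.your_table_id = t.id "
            + "WHERE t.unique_id = " + idMark + " AND s.year = " + yearMark);

        // Bindings are positional: add them in the order the placeholders appear.
        exp.addBindVariableDictionary(idBinding);
        exp.addBindVariableDictionary(yearBinding);

        return ERXEOAccessUtilities.rawRowsForSQLExpression(ec, modelName, exp);
    }
}
```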
