cayenne-user mailing list archives

From Yann Puech <ch...@yahoo.com>
Subject Re : Problems with prepared statements
Date Wed, 06 Dec 2006 15:30:10 GMT
I don't want to receive this email anymore!!!
Thanks!

----- Original Message ----
From: Øyvind Harboe <oyvind.harboe@zylin.com>
To: cayenne-user@incubator.apache.org
Sent: Thursday, 30 November 2006, 11:35:35
Subject: Re: Problems with prepared statements


On 11/29/06, Tore Halset <halset@pvv.ntnu.no> wrote:
> On Nov 29, 2006, at 12:42 , Øyvind Harboe wrote:
>
> > So the MS Access adapter should contain a proxy jdbc driver that
> > "unprepares" statements?
>
> This is not related to cayenne at all, so it will be independent of
> the adapter.
>
> > I've never written a proxy jdbc driver nor have I unprepared
> > statements, but it sounds like fun. :-)
>
> You should know about all the bad things that can happen if you stop
> using prepared statements. Like security issues with sql injection.
>
> Create your own java.sql.Driver, Connection and PreparedStatement.
> Your Driver can handle jdbc urls like "myhack:jdbc:othervendor..".
> Your Connection wraps an underlying connection from the real database
> and forwards all calls to that connection except for the calls that
> create PreparedStatements. Your PreparedStatement should wrap a
> standard Statement from the underlying jdbc driver. It should collect
> all parameters and convert the prepared sql sentence to a non-prepared
> sql sentence. You will get into lots of trouble with String escaping
> and so on... This is indeed the wrong path to follow.

Yuk! If I can't fix this in Cayenne, then I'll try to add some more
workarounds in the application.

At the application level, my workaround is to use Expression.filterObjects()
instead of using a qualifier during the query if the query throws an
exception.

-- 
Øyvind Harboe
http://www.zylin.com
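
Added example, not part of the original thread and not Cayenne code: the placeholder-inlining step that the quoted reply warns against, shown beside real parameter binding. It uses Python's built-in sqlite3 in place of a JDBC driver (an assumption); the table, rows, inputs and function names are constructed for illustration.

```python
import sqlite3

QUERY = "SELECT name FROM artist WHERE name = ? ORDER BY id"

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artist (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO artist (name) VALUES (?)",
                   [("Monet",), ("O'Keeffe",), ("Dali",)])
    return db

def unprepare(sql, params):
    """Inline params into '?' placeholders, as a proxy statement would."""
    parts = sql.split("?")
    if len(parts) - 1 != len(params):
        raise ValueError("placeholder/parameter count mismatch")
    out = parts[0]
    for value, rest in zip(params, parts[1:]):
        # Naive quoting: embedded quotes are not escaped, so the value
        # can end the literal early and be parsed as SQL.
        literal = "'%s'" % value if isinstance(value, str) else str(value)
        out += literal + rest
    return out

def run_bound(db, value):
    """Value travels separately from the SQL text; it is only ever data."""
    return [row[0] for row in db.execute(QUERY, (value,))]

def run_unprepared(db, value):
    """Value is pasted into the SQL text before the database parses it."""
    return [row[0] for row in db.execute(unprepare(QUERY, [value]))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"            # constructed input containing a quote
    print(run_bound(db, "O'Keeffe"))    # legitimate name, matched as data
    print(run_bound(db, crafted))       # no artist has this name
    print(run_unprepared(db, crafted))  # predicate rewritten by the input
    try:
        run_unprepared(db, "O'Keeffe")
    except sqlite3.OperationalError as exc:
        print("legitimate name breaks the inlined query:", exc)
```

The same input gives different results on the two paths: bound, it is compared as a name; inlined, it becomes part of the WHERE clause, and even a legitimate name containing an apostrophe makes the statement fail to parse.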


	

	
		