db-derby-dev mailing list archives

From Lance Andersen - Oracle <Lance.Ander...@oracle.com>
Subject Re: [jira] [Commented] (DERBY-3676) Make the toString() method of Derby PreparedStatements print out SQL text with ? parameters replaced by the values that have been set so far
Date Wed, 17 Aug 2011 18:47:41 GMT
A question I have from a security P.O.V.: would you want to do this without requiring a security
permission? I did not notice a permission check anywhere, unless I missed it, which could be
possible.

What if the data needs to be secured, such as an SSN or bank account number?

Best
Lance
On Aug 17, 2011, at 2:40 PM, Dag H. Wanvik (JIRA) wrote:

> 
>    [ https://issues.apache.org/jira/browse/DERBY-3676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13086507#comment-13086507 ]
> 
> Dag H. Wanvik commented on DERBY-3676:
> --------------------------------------
> 
> Looks good. One nit: I presume the single ":" in "parameter #1:" is
> part of the lead text for printing that parameter, indicating "this is
> what it is". If so, would it be more readable to have something else
> than "::" to delimit the parameters? (presuming "::" is a delimiter)
> 
> Something like:
> 
> CacheId:6c44409f-0131-d546-4475-0000030d5ec8::INSERT INTO
> Orders1(ID,dBlob) VALUES(?,?) [parameter #1: 1] [parameter #2:
> BLOB(org.apache.derby.iapi.types.RawToBinaryFormatStream@5c2a1ed)]
> 
> Or even more terse (my preference):
> 
> CacheId:6c44409f-0131-d546-4475-0000030d5ec8::INSERT INTO
> Orders1(ID,dBlob) VALUES(?,?) [#1: 1] 
> [#2: BLOB(org.apache.derby.iapi.types.RawToBinaryFormatStream@5c2a1ed)]
> 
> (omitting the text "parameter ")
> 
>> Make the toString() method of Derby PreparedStatements print out SQL text with ? parameters replaced by the values that have been set so far
>> --------------------------------------------------------------------------------------------------------------------------------------------
>> 
>>                Key: DERBY-3676
>>                URL: https://issues.apache.org/jira/browse/DERBY-3676
>>            Project: Derby
>>         Issue Type: Improvement
>>         Components: JDBC
>>           Reporter: Rick Hillegas
>>           Assignee: Siddharth Srivastava
>>        Attachments: humanstringprepared.txt, humanstringprepared.txt, humanstringprepared.txt,
>> humanstringprepared.txt, humanstringprepared.txt, humanstringprepared.txt, humanstringprepared.txt,
>> ick.txt, ick.txt, prepared.diff, statementCacheVTI.sql
>> 
>> 
>> This topic came up in the following email thread on the user list: http://www.nabble.com/PreparedStatement.toString%28%29---nice-formatting-td17250811.html#a17250811
>> Here's what the thread requests:
>> "In mysql, a toString() on a PreparedStatement will do this, eg "select x
>> from foo where x.a = ?" will become "select x from foo where x.a = 1" with
>> the appropriate setValue() call."
>> At first blush, this seems like it might be a simple project for a newcomer.
> 
> --
> This message is automatically generated by JIRA.
> For more information on JIRA, see: http://www.atlassian.com/software/jira
> 
> 


Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
Oracle Java Engineering 
1 Network Drive 
Burlington, MA 01803
Lance.Andersen@oracle.com
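
The concern raised in this message, as an added example that is not part of the original thread or of Derby's code: a `toString()` in the terse `[#n: value]` form discussed above that shows bound values only when a caller-supplied authorization check passes. The class `StatementDescriber`, its `mayViewValues` check, and the sample table and values are assumptions made for illustration.

```java
import java.util.Map;
import java.util.TreeMap;
import java.util.function.BooleanSupplier;

// Hypothetical helper, not Derby code. It mimics a prepared statement's
// toString() and masks bound values unless the caller is authorized.
public class StatementDescriber {
    private final String sql;
    private final Map<Integer, Object> params = new TreeMap<>();
    private final BooleanSupplier mayViewValues; // assumed permission check

    public StatementDescriber(String sql, BooleanSupplier mayViewValues) {
        this.sql = sql;
        this.mayViewValues = mayViewValues;
    }

    // 1-based index, as in the JDBC setXXX() calls.
    public void set(int index, Object value) {
        params.put(index, value);
    }

    @Override
    public String toString() {
        // Evaluate the check on every call: log frameworks and debuggers
        // invoke toString() implicitly, often from other contexts.
        boolean reveal = mayViewValues.getAsBoolean();
        StringBuilder sb = new StringBuilder(sql);
        for (Map.Entry<Integer, Object> e : params.entrySet()) {
            Object v = e.getValue();
            sb.append(" [#").append(e.getKey()).append(": ");
            if (reveal) {
                sb.append(v);
            } else {
                // Keep the type for debugging, drop the value itself.
                sb.append(v == null ? "<redacted>"
                        : "<" + v.getClass().getSimpleName() + " redacted>");
            }
            sb.append(']');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the table and the SSN-like value are made up.
        String sql = "INSERT INTO Customers(ID,SSN) VALUES(?,?)";
        StatementDescriber s = new StatementDescriber(sql, () -> false);
        s.set(1, 1);
        s.set(2, "000-00-0000");
        System.out.println(s); // values masked because the check denies
    }
}
```

With the check returning `false`, the output keeps the SQL text and parameter positions but replaces each value with its type name, so a statement that ends up in a log or stack trace does not carry the bound data with it.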

