metamodel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kasper Sørensen <i.am.kasper.soren...@gmail.com>
Subject Re: Compiled Query vs SatisfiedQueryBuilder
Date Thu, 13 Oct 2016 19:33:52 GMT
Hi Vijay,

The risk of SQL injection is eliminated in both cases because MetaModel
ensures the proper quoting of any value. It is not related to whether you
use compiled queries or not.

In the world of relational databases, a "compiled query" translates into a
prepared statement that can be reused again and again. See
http://wiki.apache.org/metamodel/examples/CompiledQueries for details on
the concept.

Regular/uncompiled queries are passed to the database in one go and then
forgotten. Many times that works just fine, and is a sensible default. But
if you have the same type of query being fired again and again, then it
typically makes sense to compile it.

Best regards,
Kasper

2016-10-13 12:02 GMT-07:00 Vijay Kumar Jalagari <jalagari@adobe.com>:

> Hi,
>
> According to API document compiled query is for provide optimized
> execution speed but if we are using SatisfiedQueryBuilder is there any
> chances of SQL injection?
>
> What is advantage of SatistiedQueryBuilder over compiled query?
>
>
> Regards,
> Vijay Kumar J
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message