Re : Problems with prepared statements

From: Yann Puech (chue..ahoo.com)
Date: Wed Dec 06 2006 - 10:30:10 EST


    I don't want to receive this email anymore!!! Thanks!

    ----- Original message ----
    From: Øyvind Harboe <oyvind.harbo..ylin.com>
    To: cayenne-use..ncubator.apache.org
    Sent: Thursday, 30 November 2006, 11:35:35
    Subject: Re: Problems with prepared statements

    On 11/29/06, Tore Halset <halse..vv.ntnu.no> wrote:
    > On Nov 29, 2006, at 12:42 , Øyvind Harboe wrote:
    >
    > > So the MS Access adapter should contain a proxy jdbc driver that
    > > "unprepares" statements?
    >
    > This is not related to cayenne at all, so it will be independent of
    > the adapter.
    >
    > > I've never written a proxy jdbc driver nor have I unprepared
    > > statements, but it sounds like fun. :-)
    >
    > You should know about all the bad things that can happen if you stop
    > using prepared statements. Like security issues with sql injection.
    >
    > Create your own java.sql.Driver, Connection and PreparedStatement.
    > Your Driver can handle jdbc urls like "myhack:jdbc:othervendor..".
    > Your Connection wraps an underlying connection from the real database
    > and forwards all calls to that connection except for the calls that
    > create PreparedStatements. Your PreparedStatement should wrap a
    > standard Statement from the underlying jdbc driver. It should collect
    > all parameters and convert the prepare sql sentence to a non-prepared
    > sql sentence. You will get into lots of trouble with String escaping
    > and so on...

    This is indeed the wrong path to follow. Yuk!

    If I can't fix this in Cayenne, then I'll try to add some more
    workarounds in the application.

    At application my workaround is to use Expression.filterObjects()
    instead of using a qualifier during the query if the query throws an
    exception.

    --
    Øyvind Harboe
    http://www.zylin.com
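Added example (not from the thread and not Cayenne code): a sketch of the parameter-inlining step that Tore's proxy PreparedStatement would need, showing the "String escaping" trouble he warns about. The class and method names are hypothetical, the input is constructed, and the escaped variant assumes standard SQL quote doubling and string parameters only.

```java
import java.util.List;

public class UnpreparedSqlDemo {

    // Naive "unprepare": every '?' becomes the raw value wrapped in quotes.
    // It rewrites a '?' that sits inside a string literal and lets a quote
    // in the value end the literal early, the root of SQL injection.
    static String inlineNaive(String sql, List<String> params) {
        StringBuilder out = new StringBuilder();
        int next = 0;
        for (char c : sql.toCharArray()) {
            if (c == '?' && next < params.size()) {
                out.append('\'').append(params.get(next++)).append('\'');
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // More careful variant: tracks whether we are inside a '...' literal,
    // substitutes only real placeholders, and doubles single quotes.
    // Assumption: the target database uses standard quote doubling and no
    // other escape character; numbers, dates, NULL and binary values would
    // each need their own rendering, which is why this path is fragile.
    static String inlineEscaped(String sql, List<String> params) {
        StringBuilder out = new StringBuilder();
        boolean inLiteral = false;
        int next = 0;
        for (char c : sql.toCharArray()) {
            if (c == '\'') inLiteral = !inLiteral;
            if (c == '?' && !inLiteral) {
                if (next >= params.size())
                    throw new IllegalArgumentException("too few parameters");
                String v = params.get(next++).replace("'", "''");
                out.append('\'').append(v).append('\'');
            } else {
                out.append(c);
            }
        }
        if (next != params.size())
            throw new IllegalArgumentException("too many parameters");
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a literal containing '?' plus one placeholder.
        String sql = "SELECT id FROM artist WHERE note <> 'why?' AND name = ?";
        List<String> params = List.of("O'Brien");
        System.out.println("naive:   " + inlineNaive(sql, params));
        System.out.println("escaped: " + inlineEscaped(sql, params));
    }
}
```

The naive output substitutes the value into the `'why?'` literal and leaves the real placeholder untouched, while the escaped output keeps the literal intact and renders the name as `'O''Brien'`.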



    This archive was generated by hypermail 2.0.0 : Wed Dec 06 2006 - 10:37:25 EST