Re: Problems with prepared statements

From: Øyvind Harboe (oyvind.harbo..ylin.com)
Date: Thu Nov 30 2006 - 05:35:35 EST


    On 11/29/06, Tore Halset <halse..vv.ntnu.no> wrote:
    > On Nov 29, 2006, at 12:42 , Øyvind Harboe wrote:
    >
    > > So the MS Access adapter should contain a proxy jdbc driver that
    > > "unprepares" statements?
    >
    > This is not related to cayenne at all, so it will be independent of
    > the adapter.
    >
    > > I've never written a proxy jdbc driver nor have I unprepared
    > > statements, but it sounds like fun. :-)
    >
    > You should know about all the bad things that can happen if you stop
    > using prepared statements. Like security issues with sql injection.
    >
    > Create your own java.sql.Driver, Connection and PreparedStatement.
    > Your Driver can handle jdbc urls like "myhack:jdbc:othervendor..".
    > Your Connection wraps an underlying connection from the real database
    > and forward all calls to that connection except for the calls that
    > create PreparedStatements. Your PreparedStatement should wrap a
    > standard Statement from the underlying jdbc driver. It should collect
    > all parameters and convert the prepare sql sentence to a non-prepared
    > sql sentence. You will get into lots of trouble with String escaping
    > and so on... This is indeed the wrong path to follow.

    Yuk! If I can't fix this in Cayenne, then I'll try to add some more
    workarounds in the application.

    In the application, my workaround is to use Expression.filterObjects()
    instead of using a qualifier during the query if the query throws an
    exception.

    -- 
    Øyvind Harboe
    http://www.zylin.com
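An added example (not code from this thread or from Cayenne) of the one step Tore warns about: turning a prepared SQL sentence plus its bound values back into plain SQL. The class name `ParameterInliner` is hypothetical; it assumes standard-SQL quoting (a quote inside a string literal is doubled) and refuses every type whose literal form it cannot render unambiguously, which is exactly the work a naive string concatenation skips and where injection creeps back in.

```java
import java.sql.SQLException;
import java.util.Arrays;
import java.util.List;

/** Turns "... WHERE name = ? AND id = ?" plus bound values into a non-prepared SQL string. */
public final class ParameterInliner {

    /** Inline one literal per '?' placeholder, skipping any '?' that sits inside a quoted string. */
    public static String inline(String sql, List<?> params) throws SQLException {
        StringBuilder out = new StringBuilder(sql.length() + 32);
        int next = 0;
        boolean inQuote = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\'') {
                inQuote = !inQuote;   // a doubled '' toggles twice, so we stay inside the literal
                out.append(c);
            } else if (c == '?' && !inQuote) {
                if (next >= params.size()) {
                    throw new SQLException("placeholder " + (next + 1) + " has no bound value");
                }
                out.append(toLiteral(params.get(next++)));
            } else {
                out.append(c);
            }
        }
        if (next != params.size()) {
            throw new SQLException(params.size() + " values bound for " + next + " placeholders");
        }
        return out.toString();
    }

    /** Render one bound value as a SQL literal; only types with an unambiguous text form are accepted. */
    static String toLiteral(Object v) throws SQLException {
        if (v == null) return "NULL";
        if (v instanceof Number || v instanceof Boolean) return v.toString();
        if (v instanceof String) {
            // Standard SQL escapes a quote inside a string literal by doubling it. Dialects that
            // also treat backslash as an escape character need extra handling, not assumed here.
            return "'" + ((String) v).replace("'", "''") + "'";
        }
        // Dates, binary data and vendor-specific types are refused rather than guessed at.
        throw new SQLException("cannot inline value of type " + v.getClass().getName());
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample: a value with an embedded quote and a '?' that is part of a literal.
        String sql = "SELECT * FROM person WHERE name = ? AND note <> 'what?' AND age > ?";
        System.out.println(inline(sql, Arrays.asList("O'Brien", 30)));
    }
}
```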
    



    This archive was generated by hypermail 2.0.0 : Thu Nov 30 2006 - 05:36:08 EST