I don't want to receive this email anymore !!!
Thanks !
----- Message d'origine ----
De : Øyvind Harboe <oyvind.harbo..ylin.com>
À : cayenne-use..ncubator.apache.org
Envoyé le : Jeudi, 30 Novembre 2006, 11h35mn 35s
Objet : Re: Problems with prepared statements
On 11/29/06, Tore Halset <halse..vv.ntnu.no> wrote:
> On Nov 29, 2006, at 12:42 , Øyvind Harboe wrote:
>
> > So the MS Access adapter should contain a proxy jdbc driver that
> > "unprepares" statements?
>
> This is not related to cayenne at all, so it will be independant of
> the adapter.
>
> > I've never written a proxy jdbc driver nor have I unprepared
> > statements, but it sounds like fun. :-)
>
> You should know about all the bad things that can happen if you stop
> using prepared statements. Like security issues with sql injection.
>
> Create your own java.sql.Driver, Connection and PreparedStatement.
> Your Driver can handle jdbc urls like "myhack:jdbc:othervendor..".
> Your Connection wrap a underlying connection from the real database
> and forward all calls to that connection except for the calls that
> create PreparedStatements. Your PreparedStatement should wrap a
> standard Statement from the underlying jdbc driver. It should collect
> all parameters and convert the prepare sql sentence to a non-prepared
> sql sentence. You will get into lots of trouble with String escaping
> and so on... This is indeed the wrong path to follow.
Yuk! If I can't fix this in Cayenne, then I'll try to add some more
workarounds in the application.
At application my workaround is to use Expression.filterObjects()
instead of using a qualifier during the query if the query throws an
exception.
--
Øyvind Harboe
http://www.zylin.com
___________________________________________________________________________
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses
http://fr.answers.yahoo.com
This archive was generated by hypermail 2.0.0 : Wed Dec 06 2006 - 10:37:25 EST