Remediating dynamic SQL into prepared statements


Tag : java , By : user165781
Date : November 29 2020, 04:01 AM

If I understand the question correctly, you want to dynamically construct PreparedStatement objects at runtime, without knowing parameter types in those statements, probably so that your code can work with different tables?
From that I conclude that you need to find out the column data types and call appropriate PreparedStatement.set* methods.
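
An added example, not part of the original answer, of the approach described above: column types are read from the database catalog and used to bind each value, and because table and column names cannot be bound as parameters they are accepted only if the catalog confirms them. The class and method names (`DynamicQuery`, `columnTypes`, `prepareSelect`) are hypothetical.

```java
import java.sql.*;
import java.util.*;

public class DynamicQuery {
    // Column name -> java.sql.Types code, read from the database catalog.
    static Map<String, Integer> columnTypes(Connection conn, String table) throws SQLException {
        Map<String, Integer> types = new LinkedHashMap<>();
        try (ResultSet rs = conn.getMetaData().getColumns(null, null, table, null)) {
            while (rs.next()) {
                // getColumns treats the name as a LIKE pattern, so require an exact match.
                if (table.equals(rs.getString("TABLE_NAME")))
                    types.put(rs.getString("COLUMN_NAME"), rs.getInt("DATA_TYPE"));
            }
        }
        if (types.isEmpty()) throw new SQLException("unknown table: " + table);
        return types;
    }

    // Builds SELECT * FROM t WHERE c1 = ? AND c2 IS NULL ... and binds each value.
    static PreparedStatement prepareSelect(Connection conn, String table,
                                           Map<String, Object> filters) throws SQLException {
        Map<String, Integer> types = columnTypes(conn, table);
        String q = conn.getMetaData().getIdentifierQuoteString().trim();
        StringBuilder sql = new StringBuilder("SELECT * FROM " + q + table + q);
        List<String> bound = new ArrayList<>();
        String glue = " WHERE ";
        for (Map.Entry<String, Object> f : filters.entrySet()) {
            // Identifiers cannot be bound as parameters: accept catalog names only.
            if (!types.containsKey(f.getKey()))
                throw new SQLException("unknown column: " + f.getKey());
            sql.append(glue).append(q).append(f.getKey()).append(q);
            if (f.getValue() == null) {
                sql.append(" IS NULL");          // "= NULL" would never match
            } else {
                sql.append(" = ?");
                bound.add(f.getKey());
            }
            glue = " AND ";
        }
        PreparedStatement ps = conn.prepareStatement(sql.toString());
        for (int i = 0; i < bound.size(); i++) {
            // The catalog type selects the conversion, like choosing setInt/setString/...
            ps.setObject(i + 1, filters.get(bound.get(i)), types.get(bound.get(i)));
        }
        return ps;
    }
}
```

Table and column names must be passed in the casing the database catalog stores them in, which varies between database products.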


Are Dynamic Prepared Statements Bad? (with php + mysqli)


Tag : php , By : Frank Bradley
Date : March 29 2020, 07:55 AM
I like the flexibility of Dynamic SQL and I like the security + improved performance of Prepared Statements. So what I really want is Dynamic Prepared Statements, which is troublesome to make because bind_param and bind_result accept a "fixed" number of arguments. So I made use of an eval() statement to get around this problem. But I get the feeling this is a bad idea. Here's example code of what I mean.

I think it is dangerous to use eval() here.
Try this:
// array_merge() rather than +, which would drop $param[0]; $param must hold references for bind_param()
call_user_func_array(array($stmt, 'bind_param'), array_merge(array($types), $param));

Working with dynamic prepared statements in PDO


Tag : php , By : davidg
Date : March 29 2020, 07:55 AM
I'd create separate (protected) functions that return a prepared statement that only needs to be executed.
// Method signatures (these live inside a class):
/**
 * @return PDOStatement
 */
protected function prepareStatementForCase1(PDO $dbObject,Object $dataToBind){...}
/**
 * @return PDOStatement
 */
protected function prepareStatementForCase2(PDO $dbObject,Object $dataToBind){...}

// The same idea with the PDO handle stored on the object:
class Document{
  protected $dbObject;

  public function __construct(PDO $dbObject){
    $this->dbObject=$dbObject;
  }
  public function doQuery($paramOne,$paramTwo,...){
    $logicalFormulaOne=...; // logical expression here with parameters
    $logicalFormulaTwo=...; // logical expression here with parameters
    // Pick the statement for the matching case; each helper binds its own parameters.
    if($logicalFormulaOne){
      $dbStatement=$this->prepareStatementForCase1($dataToBind);
    }else if($logicalFormulaTwo){
      $dbStatement=$this->prepareStatementForCase2($dataToBind);
    }
    $dbResult=$dbStatement->execute();
  }
  protected function prepareStatementForCase1(Object $dataToBind){
    // The query string is fixed; only the bound values vary.
    $dbStatement=$this->dbObject->prepare("query string");
    $dbStatement->bindParam(...);
    return $dbStatement;
  }
}

Prepared Statements with dynamic WHERE clause


Tag : php , By : jgood
Date : March 29 2020, 07:55 AM
For a prepared statement with a WHERE clause you have to specify what values will be specified later, for instance:
SELECT * FROM table WHERE ID=?
function query($query, $param, $where)
{
    global $mysql; // mysqli connection created elsewhere
    $query = $mysql->prepare($query);
    $query->bind_param($param, $where);
    $query->execute();

    ...

}
$results=query("SELECT * FROM table WHERE Id=?","s","1");
class query
{
  public $query;
  public $param;
  public $where;
}

$query=new query();
// group is a reserved word in MySQL, so the column name is quoted with backticks
$query->query="SELECT * FROM Table WHERE `group`=? AND name like ?";
$query->param="ss";
$query->where = array();
$query->where[]="administrators";
$query->where[]="sam";
function SQLCall(query $query)
{
    global $mysql; // mysqli connection created elsewhere
    $db = $mysql->prepare($query->query);
    // bind_param() takes the type string first, then each value by reference
    $args = array($query->param);
    foreach ($query->where as $key => $value) {
        $args[] = &$query->where[$key];
    }
    call_user_func_array(array($db, 'bind_param'), $args);
    $db->execute();

    ...

}

How can I tell JPA to use prepared statements (or dynamic sql)?


Tag : jpa , By : rhinojosa
Date : March 29 2020, 07:55 AM
I concur with Michele in that generally prepared statements are used by the underlying JPA provider/implementer. To assure that your statements are prepared and results cached (should you desire this) using standard JPA please see my response here:
How to use PreparedStatement efficiently?

What are prepared statements? How are they different from dynamic sql?


Tag : sql , By : al.
Date : March 29 2020, 07:55 AM