Either that or use the DataFrame API, which directly constructs query plans
and thus doesn't suffer from injection attacks (and runs on the same
execution engine).

On Thu, Sep 10, 2015 at 12:10 AM, Sean Owen <so...@cloudera.com> wrote:

> I don't think this is Spark-specific. Mostly you need to escape /
> quote user-supplied values as with any SQL engine.
>
> On Thu, Sep 10, 2015 at 7:32 AM, V Dineshkumar
> <developer.dines...@gmail.com> wrote:
> > Hi,
> >
> > What is the preferred way of avoiding SQL Injection while using Spark SQL?
> > In our use case we have to take the parameters directly from the users and
> > prepare the SQL Statement. I was not able to find any API for preparing the
> > SQL statement safely avoiding injection.
> >
> > Thanks,
> > Dinesh
> > Philips India
>
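
The two approaches contrasted in this thread, side by side, as an added example that is not part of any message above. The table, the input value and the object name are constructed, and the code assumes the SparkSession entry point of Spark 2.x and later running in local mode.

```scala
// Added example: constructed data and names, not code from the thread.
import org.apache.spark.sql.SparkSession
import org.apache.spark.sql.functions.{col, lit}

object InjectionDemo {
  def main(args: Array[String]): Unit = {
    val spark = SparkSession.builder()
      .master("local[*]")
      .appName("sql-injection-demo")
      .getOrCreate()
    import spark.implicits._

    // Constructed sample table.
    val users = Seq(
      ("alice", "admin"),
      ("bob", "analyst"),
      ("carol", "analyst")
    ).toDF("name", "role")
    users.createOrReplaceTempView("users")

    // Constructed untrusted input: the quote closes the string literal early.
    val userInput = "nobody' OR '1'='1"

    // Vulnerable: the value is spliced into SQL text, so the parser reads
    //   name = 'nobody' OR '1'='1'
    // and the predicate holds for every row in the table.
    val concatenated =
      spark.sql(s"SELECT * FROM users WHERE name = '$userInput'")

    // DataFrame API: the value is attached to the query plan as a literal
    // node. It is never parsed as SQL, so it is compared as one whole string
    // and matches no row.
    val viaDataFrame = users.filter(col("name") === lit(userInput))

    println(s"string-built SQL rows: ${concatenated.count()}")
    println(s"DataFrame API rows:    ${viaDataFrame.count()}")

    spark.stop()
  }
}
```

The protection applies only to the Column-based methods: `filter(String)`, `selectExpr` and `functions.expr` parse their argument as SQL, so passing concatenated user input to them brings the problem back.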
