I don't want to receive this email anymore !!! Thanks ! ----- Message d'origine ---- De : Øyvind Harboe <[EMAIL PROTECTED]> À : [email protected] Envoyé le : Jeudi, 30 Novembre 2006, 11h35mn 35s Objet : Re: Problems with prepared statements
On 11/29/06, Tore Halset <[EMAIL PROTECTED]> wrote: > On Nov 29, 2006, at 12:42 , Øyvind Harboe wrote: > > > So the MS Access adapter should contain a proxy jdbc driver that > > "unprepares" statements? > > This is not related to cayenne at all, so it will be independant of > the adapter. > > > I've never written a proxy jdbc driver nor have I unprepared > > statements, but it sounds like fun. :-) > > You should know about all the bad things that can happen if you stop > using prepared statements. Like security issues with sql injection. > > Create your own java.sql.Driver, Connection and PreparedStatement. > Your Driver can handle jdbc urls like "myhack:jdbc:othervendor..". > Your Connection wrap a underlying connection from the real database > and forward all calls to that connection except for the calls that > create PreparedStatements. Your PreparedStatement should wrap a > standard Statement from the underlying jdbc driver. It should collect > all parameters and convert the prepare sql sentence to a non-prepared > sql sentence. You will get into lots of trouble with String escaping > and so on... This is indeed the wrong path to follow. Yuk! If I can't fix this in Cayenne, then I'll try to add some more workarounds in the application. At application my workaround is to use Expression.filterObjects() instead of using a qualifier during the query if the query throws an exception. -- Øyvind Harboe http://www.zylin.com ___________________________________________________________________________ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com
