Can't repeat this strongly enough. Do not, ever, decide you can escape/ sanitize the strings yourself so you don't need a parameterized query. Maybe it works, but one of these days you'll slip up and get something wrong. Just prepare a statement with the right number of ?s in it, and then ask the SQL driver/server to fill in the blanks. They'll never get it wrong, and it will be more efficient to boot if you can reuse a parameterized query later.
On Oct 21, 9:22 pm, Sean Corfield <seancorfi...@gmail.com> wrote: > On Fri, Oct 21, 2011 at 5:54 PM, Shoeb Bhinderwala > > <shoeb.bhinderw...@gmail.com> wrote: > > I wrote the following function to create a SQL IN clause from a list > > of values. Essentially the function creates a single string which is a > > comma separated quoted list of the values surrounded by parenthesis. > > If you're using clojure.java.jdbc, you could generate a lit of ? for > the SQL and just using the vector directly... something like this (off > the top of my head, completely untested): > > (def qs (clojure.string/join "," (repeat (count xs) "?"))) > > (def sql (str "select * from table where id in (" qs ")")) > > (clojure.java.jdbc/with-query-result conn rows > [ sql xs ] > (do-something-to rows)) > > Sorry, don't have a REPL open right now to test this... > -- > Sean A Corfield -- (904) 302-SEAN > An Architect's View --http://corfield.org/ > World Singles, LLC. --http://worldsingles.com/ > Railo Technologies, Inc. --http://www.getrailo.com/ > > "Perfection is the enemy of the good." > -- Gustave Flaubert, French realist novelist (1821-1880) -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en