Can't repeat this strongly enough. Do not, ever, decide you can escape/
sanitize the strings yourself so you don't need a parameterized query.
Maybe it works, but one of these days you'll slip up and get something
wrong. Just prepare a statement with the right number of ?s in it, and
then ask the SQL driver/server to fill in the blanks. They'll never
get it wrong, and it will be more efficient to boot if you can reuse a
parameterized query later.

On Oct 21, 9:22 pm, Sean Corfield <seancorfi...@gmail.com> wrote:
> On Fri, Oct 21, 2011 at 5:54 PM, Shoeb Bhinderwala
>
> <shoeb.bhinderw...@gmail.com> wrote:
> > I wrote the following function to create a SQL IN clause from a list
> > of values. Essentially the function creates a single string which is a
> > comma separated quoted list of the values surrounded by parenthesis.
>
> If you're using clojure.java.jdbc, you could generate a list of ? for
> the SQL and just use the vector directly... something like this (off
> the top of my head, completely untested):
>
> ;; one ? placeholder per value in xs
> (def qs (clojure.string/join "," (repeat (count xs) "?")))
>
> (def sql (str "select * from table where id in (" qs ")"))
>
> ;; the query vector is [sql param1 param2 ...], so splice xs in with `into`
> ;; rather than passing the whole collection as a single parameter
> (clojure.java.jdbc/with-query-results rows
>     (into [sql] xs)
>     (do-something-to rows))
>
> Sorry, don't have a REPL open right now to test this...
> --
> Sean A Corfield -- (904) 302-SEAN
> An Architect's View -- http://corfield.org/
> World Singles, LLC. -- http://worldsingles.com/
> Railo Technologies, Inc. -- http://www.getrailo.com/
>
> "Perfection is the enemy of the good."
> -- Gustave Flaubert, French realist novelist (1821-1880)
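The same placeholder-per-value pattern, as an added example that is not from the thread, written in Python against the standard library's sqlite3 so it runs with no database setup; the table, rows and the `MAX_PARAMS` ceiling are constructed here, and the hand-quoted variant is included only to show how a legitimate value with an apostrophe breaks it.

```python
import sqlite3

# Constructed sample data; the second name contains a single quote on purpose.
SAMPLE_NAMES = ["alice", "O'Brien", "bob", "carol"]
# Conservative bind-variable ceiling (SQLite's historical default); engines differ.
MAX_PARAMS = 999


def make_db():
    """In-memory users table with the constructed rows (ids 1..4)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (id integer primary key, name text)")
    conn.executemany("insert into users (name) values (?)",
                     [(n,) for n in SAMPLE_NAMES])
    return conn


def in_clause(values):
    """Return ("(?,?,...)", params): one ? per value, values sent as bind parameters.

    Same idea as joining (repeat (count xs) "?") in the quoted Clojure, plus two
    checks that snippet skipped: an empty list ("in ()" is a syntax error on most
    engines) and the driver's bind-variable limit for very long lists."""
    values = list(values)
    if not values:
        raise ValueError("IN list must not be empty")
    if len(values) > MAX_PARAMS:
        raise ValueError("too many values for one statement; chunk the list")
    return "(" + ",".join("?" * len(values)) + ")", values


def select_by_names(conn, names):
    """Parameterized lookup: the SQL text never contains the user-supplied values."""
    frag, params = in_clause(names)
    sql = "select id, name from users where name in " + frag
    return [row[1] for row in conn.execute(sql, params)]


def naive_breaks(conn, names):
    """The hand-quoted form the thread warns against; True if the engine rejects it.

    "O'Brien" becomes 'O'Brien' in the SQL text, which is no longer valid SQL."""
    quoted = ",".join("'" + n + "'" for n in names)
    try:
        conn.execute("select id, name from users where name in (" + quoted + ")").fetchall()
        return False
    except sqlite3.OperationalError:
        return True
```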
