[ https://issues.apache.org/jira/browse/NIFI-978?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Villard updated NIFI-978:
--------------------------------
    Resolution: Fixed
    Fix Version/s: 1.6.0
    Status: Resolved (was: Patch Available)

> Support parameterized prepared statements in ExecuteSQL
> -------------------------------------------------------
>
> Key: NIFI-978
> URL: https://issues.apache.org/jira/browse/NIFI-978
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Daryl Teo
> Assignee: Matt Burgess
> Priority: Minor
> Fix For: 1.6.0
>
>
> PutSQL and ExecuteSQL are highly inconsistent and lead to confusion.
> - PutSQL relies on FlowFile content to execute its statement.
> - ExecuteSQL relies on SQL Select Command attribute
> - PutSQL supports parameterized statements through sql.args attributes
> - ExecuteSQL relies on Expression Language to insert dynamic properties
> The reliance on expression language for ExecuteSQL may also lead to potential
> SQL injection if one is not careful as it is a string replacement.
> Therefore in the interest of reliability and consistency I highly recommend
> that the SQL processors be standardised.
> Note: I prefer the sql command attribute for running SQL as opposed to the
> (lower visibility) content based command specification. Having the query
> attribute of ExecuteSQL, with the sql.args attributes of PutSQL would be a
> great improvement. If you support this, I will create a new issue in Jira.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
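The contrast the issue description draws, string replacement into the query text versus binding values through sql.args attributes, shown as an added example that is not NiFi code and not part of the original message. Assumptions: Python's sqlite3 stands in for the JDBC connection, a `${name}` regex is a simplified model of Expression Language substitution, the `sql.args.N.type` / `sql.args.N.value` attribute names follow PutSQL's convention with `java.sql.Types` integers, and the table, the `user.name` attribute and both input values are constructed.

```python
import re
import sqlite3

JDBC_INTEGER, JDBC_VARCHAR = 4, 12  # java.sql.Types constants

def substitute(query, attrs):
    """Simplified model of string replacement: splice attribute values into the SQL text."""
    return re.sub(r"\$\{([\w.]+)\}", lambda m: attrs.get(m.group(1), ""), query)

def bind_args(attrs):
    """Collect sql.args.N.type / sql.args.N.value into an ordered parameter list."""
    params, n = [], 1
    while f"sql.args.{n}.value" in attrs:
        value = attrs[f"sql.args.{n}.value"]
        if int(attrs[f"sql.args.{n}.type"]) == JDBC_INTEGER:
            value = int(value)  # non-numeric input fails here with ValueError
        params.append(value)
        n += 1
    return params

def make_db():
    """Constructed in-memory table used by both query paths."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def attrs_for(value):
    """Constructed FlowFile attributes carrying the same value both ways."""
    return {"user.name": value,
            "sql.args.1.type": str(JDBC_VARCHAR), "sql.args.1.value": value}

def run_substituted(db, attrs):
    # The attribute value becomes part of the SQL grammar.
    sql = substitute("SELECT name FROM users WHERE name = '${user.name}'", attrs)
    return [row[0] for row in db.execute(sql)]

def run_parameterized(db, attrs):
    # The attribute value is bound as data and never parsed as SQL.
    return [row[0] for row in
            db.execute("SELECT name FROM users WHERE name = ?", bind_args(attrs))]

BENIGN = "bob"              # constructed ordinary value
HOSTILE = "x' OR '1'='1"    # constructed value containing SQL metacharacters

if __name__ == "__main__":
    db = make_db()
    for value in (BENIGN, HOSTILE):
        a = attrs_for(value)
        print(repr(value), run_substituted(db, a), run_parameterized(db, a))
```

With the ordinary value both paths return the same row; with the value containing a quote, the substituted query matches every row while the bound query matches none.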