2015-01-28 17:18 GMT+01:00 Stanimir Marinov <[email protected]>:

> Yes, it's better with prepared statements, not only for SQL injections but
> for the cachePrepStmts parameter in the dataSource too. Thanks.
>

In fact, you're not going to be executing PreparedStatements if you're
using batch this way. But still, jOOQ will take care of correctly inlining
your bind variables with proper escaping. If you want to use
PreparedStatements, then you'll need to execute things as single queries.


> It would be better if I could replace the table and column names in the
> update SQL with the ones generated from jOOQ.
> If I change the database structure I will forget to change this and the
> query will not work. If I use the names generated from jOOQ, the compiler
> will show errors and I can't upload non-working things to production :)


Sure, you can take plain SQL templating as far as you want. E.g.

String sql = "update {0} set {1} = (@x := @x + 1) "
           + "where mission_id = {2} and mission_parameters_id = {3} "
           + "order by execution desc;";

dsl.batch(
    dsl.query("SET @x = 0;"),
    dsl.query(sql, MISSION_USERS, MISSION_USERS.REMAINING,
              val(missionId), val(missionParameterId))
).execute();

I hope this helps

Lukas

-- 
You received this message because you are subscribed to the Google Groups "jOOQ 
User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.
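Added example (not part of Lukas's reply or of jOOQ's own code): it renders, without a database connection, the same kind of plain SQL template as above and contrasts it with string concatenation, so you can see that a value passed through val() stays a single literal (quote escaped) when jOOQ inlines bind variables for a batch, and becomes a '?' placeholder when rendered for a PreparedStatement. The table and column names are built with DSL.table()/DSL.field() because the generated MISSION_USERS objects from the thread are not available here; the hostile input is constructed for the demo.

```java
import static org.jooq.impl.DSL.field;
import static org.jooq.impl.DSL.name;
import static org.jooq.impl.DSL.table;
import static org.jooq.impl.DSL.val;

import org.jooq.DSLContext;
import org.jooq.Field;
import org.jooq.Query;
import org.jooq.SQLDialect;
import org.jooq.Table;
import org.jooq.conf.ParamType;
import org.jooq.impl.DSL;

public class TemplateEscapingDemo {

    public static void main(String[] args) {
        // Rendering only, no connection: DSL.using(dialect) is enough to
        // see the SQL jOOQ would send.
        DSLContext dsl = DSL.using(SQLDialect.MYSQL);

        // Hypothetical identifiers standing in for the generated
        // MISSION_USERS and MISSION_USERS.REMAINING used in the thread.
        Table<?> missionUsers = table(name("mission_users"));
        Field<Object> remaining = field(name("remaining"));

        // Constructed attacker-controlled input (imagine it arrives as text
        // from a request parameter).
        String hostile = "42' OR '1'='1";

        // 1) String concatenation: the input is spliced into the SQL text,
        //    so the embedded quote terminates the literal and the OR becomes
        //    part of the statement. Never do this.
        Query unsafe = dsl.query(
            "update mission_users set remaining = 0 where mission_id = '"
            + hostile + "'");
        System.out.println("concatenated : " + unsafe.getSQL(ParamType.INLINED));

        // 2) Plain SQL templating: {n} is substituted with a QueryPart.
        //    Tables and fields render as quoted identifiers; val() marks the
        //    input as a bind value, never as SQL. The template itself is a
        //    constant: user input only ever enters through val().
        String sql = "update {0} set {1} = (@x := @x + 1) where mission_id = {2}";
        Query templated = dsl.query(sql, missionUsers, remaining, val(hostile));

        // Rendered for a PreparedStatement (single-query execution):
        // a '?' placeholder, with the value shipped separately.
        System.out.println("prepared     : " + templated.getSQL(ParamType.INDEXED));
        System.out.println("bind values  : " + templated.getBindValues());

        // Rendered inlined, which is what a multi-query batch executes:
        // the quote inside the value is escaped, so the whole input is
        // still one string literal and the OR stays inside it.
        System.out.println("inlined      : " + templated.getSQL(ParamType.INLINED));
    }
}
```

Run it and compare the three lines: only the concatenated variant contains the hostile OR as bare SQL. The protection covers exactly what goes through QueryParts; keep the template string a compile-time constant and pass every runtime value through val() (or a Param with an explicit type, as val(missionId) does for the numeric id in the thread).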
