[ https://issues.apache.org/jira/browse/LOG4J2-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498660#comment-17498660 ]
Gary D. Gregory commented on LOG4J2-3417: ----------------------------------------- Internally the SQL for something likeĀ log4j.appender.DB.sql=INSERT INTO LOGS VALUES('%x','%d','%C','%p','%m') Should translate to INSERT INTO LOGS VALUES(?, ?, ?, ?, ?) It should be a requirement on our implementation to use JDBC a prepared statement or callable statement for a stored procedure call. > Create JDBC appender for compatibility with v1 > ---------------------------------------------- > > Key: LOG4J2-3417 > URL: https://issues.apache.org/jira/browse/LOG4J2-3417 > Project: Log4j 2 > Issue Type: New Feature > Components: Appenders, Log4j 1.2 bridge > Reporter: Matt Sicker > Priority: Major > > Log4j 1 had a JDBC appender which made it fairly simple to set up an appender > to a database. While the old version doesn't work properly with modern > security practices, it shouldn't be too hard to parse the configured SQL > statement for pattern layout keys and extract them into a parameterized query. -- This message was sent by Atlassian Jira (v8.20.1#820001)