So, for future posterity and to help myself again when I need it...

    // Build the expression against the entity and turn on bind variables.
    EOEntity entity = EOUtilities.entityForClass(cdw, YourEntity.class);
    JDBCExpression exp = new JDBCExpression(entity);
    exp.setUseBindVariables(true);
    exp.setStatement(sqlStatement);

    // Bind each value through its attribute instead of concatenating it into the SQL.
    exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(
        entity.attributeNamed(YourEntity.UNIQUE_ID_KEY), ID));
    exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(
        entity.attributeNamed(YourEntity.YEAR_KEY), new NSTimestamp(year)));

    NSArray<NSDictionary> rows =
        ERXEOAccessUtilities.rawRowsForSQLExpression(cdw, "YourModelName", exp);


And now, SQL injection attacks have been avoided and the planet is once again 
safe!

-Mike
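
An added example, not code from the original message or from Project Wonder: the bind-variable approach from the message above wrapped in a hypothetical helper (`BoundRawRows`, `placeholderCount` and `rawRows` are names made up here) that refuses to run a statement whose `?` count does not match the number of bindings. It assumes bindings are applied to the `?` placeholders in the order they are added.

```java
import com.webobjects.eoaccess.EOAttribute;
import com.webobjects.eoaccess.EOEntity;
import com.webobjects.eocontrol.EOEditingContext;
import com.webobjects.foundation.NSArray;
import com.webobjects.foundation.NSDictionary;
import com.webobjects.jdbcadaptor.JDBCExpression;
import er.extensions.eof.ERXEOAccessUtilities;

/** Hypothetical helper, not part of WebObjects or Wonder. */
public final class BoundRawRows {

    /** Counts '?' placeholders, ignoring any inside single-quoted SQL literals.
     *  SQL comments and double-quoted identifiers are not handled. */
    static int placeholderCount(String sql) {
        int count = 0;
        boolean inLiteral = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\'') {
                inLiteral = !inLiteral; // an escaped '' toggles twice, so state is kept
            } else if (c == '?' && !inLiteral) {
                count++;
            }
        }
        return count;
    }

    /** keys[i] names the attribute that describes values[i].
     *  Assumption: bindings match '?' placeholders in the order they are added. */
    public static NSArray<NSDictionary> rawRows(EOEditingContext ec, String modelName,
            EOEntity entity, String sql, String[] keys, Object[] values) {
        // Fail closed: a missing placeholder usually means a value was concatenated.
        if (keys.length != values.length || placeholderCount(sql) != keys.length) {
            throw new IllegalArgumentException("placeholder/binding count mismatch");
        }
        JDBCExpression exp = new JDBCExpression(entity);
        exp.setUseBindVariables(true);
        exp.setStatement(sql);
        for (int i = 0; i < keys.length; i++) {
            EOAttribute attribute = entity.attributeNamed(keys[i]);
            if (attribute == null) {
                throw new IllegalArgumentException("no attribute named " + keys[i]);
            }
            exp.addBindVariableDictionary(
                    exp.bindVariableDictionaryForAttribute(attribute, values[i]));
        }
        return ERXEOAccessUtilities.rawRowsForSQLExpression(ec, modelName, exp);
    }
}
```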



On Nov 8, 2011, at 2:29 PM, Michael Gargano wrote:

Okay, let me come at this one another way because this doesn't seem to be 
panning out at all.  I want to write a complicated SQL query across multiple 
tables and return a bunch of columns across those tables as an array of 
dictionaries.  I know EOUtilities.rawRowsForSQLExpression will do this, but I 
want to have the parameters I'm passing into my expression to be parameterized 
so as to prevent SQL injection attacks.

Any Ideas?
Thanks.
-Mike

On Nov 8, 2011, at 11:52 AM, Michael Gargano wrote:

Hi,

Does anyone have any examples of how to use 
ERXSQLQueryWithBindingsUtilities.runSqlQueryWithBindings?

Two questions:
1) It seems like it should support named parameters since ERXKeyValueBinding 
implements ERXSQLBinding, but I can't figure out how the parameter placeholders 
should look in the query
2) Since I couldn't figure out 1 (above) I was just using ERXObjectBindings and 
the parameter placeholder '?'.  It seems to like this much better but when I 
pass a date in as a parameter it chokes on PostgreSQL.

Anyone ever use this utility method?

Much thanks.
-Mike

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/mgargano%40escholar.com

This email sent to mgarg...@escholar.com