As a follow up to this question, what is the best approach for calling 'addBindVariableDictionary()' when you have two entities in your query?
Not sure if this is the best way to to do it, but I was able to get this to work by adding a second entity. EOEntity e1 = EOUtilities.entityForClass(ctx, Entity1.class); EOEntity e2 = EOUtilities.entityForClass(ctx, Entity2.class); .. EOSQLExpression exp = factory.createExpression(e1) <-- Here I just chose one entity to create the expression and it seemed to work .. exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(e1.attributeNamed(e1.E1_ID_KEY), value); exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(e2.attributeNamed(e2.E2_ID_KEY), value); Thoughts? Confusion? Chaos? Thanks, Chris Pastore On Nov 9, 2011, at 3:08 PM, <webobjects-dev-requ...@lists.apple.com<mailto:webobjects-dev-requ...@lists.apple.com>> wrote: I actually was instantiating PostgresqlExpression in my code, but I cleaned it up for the e-mail. This is nifty to keep it database agnostic though. Thanks! -Mike On Nov 9, 2011, at 1:38 PM, Mike Schrag wrote: EODatabaseContext dbc = EOUtilities.databaseContextForModelNamed(ec, model.name<http://model.name>()); EOSQLExpressionFactory sqlFactory = dbc.adaptorContext().adaptor().expressionFactory(); (adaptor().expressionFactory just calls plugIn().expressionFactory() for JDBC) ms On Nov 9, 2011, at 1:34 PM, Mike Schrag wrote: that's not exactly right ... you want to get an expression from an expressionfactory from your jdbcplugin implementation. ms On Nov 9, 2011, at 1:30 PM, Michael Gargano wrote: So, for future posterity and to help myself again when I need it... EOEntity entity = EOUtilities.entityForClass(cdw, YourEntity.class); JDBCExpression exp = new JDBCExpression(entity); exp.setUseBindVariables(true); exp.setStatement(sqlStatement); exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.UNIQUE_ID_KEY), ID)); exp.addBindVariableDictionary(exp.bindVariableDictionaryForAttribute(entity.attributeNamed(YourEntity.YEAR_KEY), new NSTimestamp(year))); NSArray<NSDictionary> rows = ERXEOAccessUtilities.rawRowsForSQLExpression(cdw, "YourModelName", exp); And now, SQL injection attacks have been avoided and the planet is once again safe! -Mike On Nov 8, 2011, at 2:29 PM, Michael Gargano wrote: Okay, let me come at this one another way because this doesn't seem to be panning out at all. I want to write a complicated SQL query across multiple tables and return a bunch of columns across those tables as an array of dictionaries. I know EOUtilities.rawRowsForSQLExpression will do this, but I want to have the parameters I'm passing into my expression to be parameterized as to prevent SQL injection attacks. Any Ideas? Thanks. -Mike On Nov 8, 2011, at 11:52 AM, Michael Gargano wrote: Hi, Does anyone have any examples of how to use ERXSQLQueryWithBindingsUtilities.runSqlQueryWithBindings? Two questions: 1) It seems like it should support named parameters since ERXKeyValueBinding implements ERXSQLBinding, but I can't figure out how the parameter placeholders should look in the query 2) Since I couldn't figure out 1(above) I was just using ERXObjectBindings and the parameter placeholder '?'. It seems to like this much better but when I pass a date in as a parameter it chokes on postgresql. Anyone ever use this utility method? Much thanks. -Mike _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com<mailto:Webobjects-dev@lists.apple.com><mailto:Webobjects-dev@lists.apple.com>) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/mgargano%40escholar.com This email sent to mgarg...@escholar.com<mailto:mgarg...@escholar.com> _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com<mailto:Webobjects-dev@lists.apple.com>) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/mschrag%40pobox.com This email sent to msch...@pobox.com<mailto:msch...@pobox.com> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.apple.com/pipermail/webobjects-dev/attachments/20111109/63099fb7/attachment.html
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
