Comments (6)
Thanks for your request.
Yes, I understand the necessity for a FOR loop. But I have one question about your comment.
> it's bound to only one parameter this is open to SQL Injection
What does it mean? I think it's safe to give an array which has one element to an IN parameter. Are you describing another case?
If there are any cases which cause SQL injection with /*var*/ (NOT /*$var*/), it's a bug of Mirage, so I'll fix it as soon as possible.
from mirage.
> But I have one question about your comment.
> > it's bound to only one parameter this is open to SQL Injection
> What does it mean? I think it's safe to give an array which has one element to an IN parameter. Are you describing another case?
An array with more than one element is the problem.
I think the last time I tried, with a Prepared Statement it was possible to bind only one parameter, not a "variable sized one", i.e.
where something IN (?)
So since Mirage allows you to "bind an array", it must concatenate the elements, and since it doesn't seem to use
http://code.google.com/p/owasp-esapi-java/ that's probably not SQL injection proof.
from mirage.
> a Prepared Statement was possible to bind only one parameter, not a "variable sized one"
Yes, so Mirage expands array binding to multiple placeholders.
where something IN /*array*/
to
where something IN (?, ?, ...)
See #1 (comment) to know how to bind an array as an IN parameter in Mirage:
from mirage.
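The placeholder expansion described in this comment, as an added illustration that is not Mirage's code: it is written in Python against SQLite rather than Java/JDBC so it runs without a database driver, and the `/*name*/` bind-comment syntax with an optional sample literal, the `users` table and its rows are all assumptions constructed for the example. It also covers the single-placeholder `IN (?)` case from the previous comment (one bound value is compared as a value, so a whole array cannot be squeezed into it) and deliberately does not implement the `/*$var*/` textual-replacement form, which is the only place the thread identifies where injection could occur.

```python
import re
import sqlite3

# 2Way SQL bind-variable comment: /*name*/ optionally followed by a sample
# literal so the file also runs unchanged in a SQL client, e.g. /*ids*/(1, 2)
# or /*name*/'x'. (Assumed syntax for this illustration, not Mirage's parser.)
# A /*$name*/ replacement comment is deliberately NOT matched: that form
# splices text into the statement, which is where injection can occur.
BIND_RE = re.compile(r"/\*(\w+)\*/(?:\([^)]*\)|'[^']*'|\d+)?")

# Constructed sample data for the demonstration.
SAMPLE_ROWS = [(1, "alice"), (2, "bob"), (3, "carol"), (4, "dave")]


def expand(sql, params):
    """Rewrite each /*name*/ bind comment into JDBC-style '?' placeholders.

    A list or tuple expands to one '?' per element, so `IN /*ids*/` becomes
    `IN (?, ?, ?)`; every value is returned in `bound` for the driver to bind
    and none is ever spliced into the SQL text.
    """
    bound = []

    def repl(match):
        name = match.group(1)
        if name not in params:
            raise KeyError(f"no value supplied for bind variable {name}")
        value = params[name]
        if isinstance(value, (list, tuple)):
            if not value:
                # `IN ()` is a syntax error on most engines; fail loudly.
                raise ValueError(f"{name}: empty array cannot form an IN list")
            bound.extend(value)
            return "(" + ", ".join(["?"] * len(value)) + ")"
        bound.append(value)
        return "?"

    return BIND_RE.sub(repl, sql), tuple(bound)


def run(sql, params):
    """Expand the statement and execute it against an in-memory SQLite table,
    passing the values as driver parameters (the PreparedStatement.setXxx
    step). Returns the expanded SQL text and the fetched rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    expanded, values = expand(sql, params)
    rows = conn.execute(expanded, values).fetchall()
    conn.close()
    return expanded, rows


if __name__ == "__main__":
    # Array bound as an IN list: one placeholder per element, three rows back.
    print(run("SELECT id FROM users WHERE id IN /*ids*/(1, 2) ORDER BY id",
              {"ids": [1, 3, 4]}))
    # The single-placeholder form: the whole string "1,3,4" is one parameter,
    # compared as a value against the id column, so nothing matches.
    print(run("SELECT id FROM users WHERE id IN (/*ids*/1)", {"ids": "1,3,4"}))
```

The design point is that the array's length only ever influences how many `?` tokens are emitted; the elements themselves travel through the driver's parameter binding, which is what keeps the expansion injection-safe regardless of what the elements contain.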
Any news on the "loop" command support?
from mirage.
I subscribe to @hansgru's request. A "for" loop would simplify quite a few scenarios.
tnx
from mirage.
+1
from mirage.