db Direct Access prepared statements

[Steve James]

I like the new capability to run a select statement and the columnData is available in the callbackFunction.

I need to use a prepared statement to protect us from sql injection so I know I need to use the direct jdbc access.

Is the only way to build the equivalent of columnData to loop through each column and get the object?

Thanks

[Jon]

You create a sql statement, then execute it which returns a result set, then loop through the rows of the result set extracting column values. There's an example here http://forum.ebasetech.com/forum/viewtopic.php?t=1020. To get the protection against sql injection you need to use question marks (?) in the where clause of your statement and then substitute variables into this.

[Steve James]

Thanks Jon, yes I use that approach regularly, I meant is is possible to just get all the column data with 1 variable (as per the new select / callbackFunction approach).

Your reply tells me what I suspected, ie there isn't the equivalent of columnData object per row.

Thanks
Steve

[Jon]

No there isn't anything like that. I guess you could build your own function - the code in DatabaseServices uses result set metadata and loops through the columns using rs.getObject().

[Steve James]

Thanks Jon, in this case I happen to have an object available that stores all the columns in the query. I can just loop through them and build the object.

I'll have a look at the metadata and see what I can find as it will make it more robust; especially if I use select * from xyz in the future.

Thanks again.