db Direct Access prepared statements

Steve James
Ebase User
Posts: 331
Joined: Mon Mar 10, 2014 8:34 am

#1

Postby Steve James » Fri Jan 20, 2017 4:23 pm

I like the new capability to run a select statement and the columnData is available in the callbackFunction.

I need to use a prepared statement to protect us from SQL injection, so I know I need to use the direct JDBC access.

Is the only way to build the equivalent of columnData to loop through each column and get the object?

Thanks
0 x

Jon
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

#2

Postby Jon » Fri Jan 20, 2017 6:38 pm

You create a SQL statement, then execute it, which returns a result set, then loop through the rows of the result set extracting column values. There's an example here: http://forum.ebasetech.com/forum/viewtopic.php?t=1020. To get the protection against SQL injection you need to use question marks (?) in the where clause of your statement and then substitute variables into this.
0 x

Steve James
Ebase User
Posts: 331
Joined: Mon Mar 10, 2014 8:34 am

#3

Postby Steve James » Mon Jan 23, 2017 9:36 am

Thanks Jon, yes I use that approach regularly. I meant, is it possible to just get all the column data with 1 variable (as per the new select / callbackFunction approach)?

Your reply tells me what I suspected, i.e. there isn't the equivalent of a columnData object per row.

Thanks
Steve
0 x

Jon
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

#4

Postby Jon » Mon Jan 23, 2017 10:25 am

No, there isn't anything like that. I guess you could build your own function - the code in DatabaseServices uses result set metadata and loops through the columns using rs.getObject().
0 x
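
The approach described in replies #2 and #4 (bind values to ? markers, then build a columnData-style object per row from the result set metadata), as an added example that is not part of the thread and is not the DatabaseServices code. It assumes `con` is an open `java.sql.Connection`; the function names, the `customers` table and the in-memory stand-in connection are constructed for illustration.

```javascript
// Added example, not Verj.io or DatabaseServices code. `con` is assumed to be an
// open java.sql.Connection supplied by the caller; function names are hypothetical.
function rowToColumnData(rs) {
  var md = rs.getMetaData(), row = {};
  for (var i = 1; i <= md.getColumnCount(); i++) {  // JDBC columns are 1-based
    row[String(md.getColumnLabel(i))] = rs.getObject(i);
  }
  return row;
}

// Values are bound to the ? markers; they are never concatenated into the SQL text.
function selectPrepared(con, sql, params, callback) {
  var stmt = null, rs = null;
  try {
    stmt = con.prepareStatement(sql);
    for (var p = 0; p < params.length; p++) stmt.setObject(p + 1, params[p]);
    rs = stmt.executeQuery();
    while (rs.next()) callback(rowToColumnData(rs));
  } finally {
    if (rs) rs.close();
    if (stmt) stmt.close();
  }
}

// Constructed in-memory stand-in (records bound values, replays fixed rows) to run offline.
function fakeConnection(labels, rows, log) {
  return { prepareStatement: function (sql) {
    var bound = [], idx = -1;
    return { close: function () {},
      setObject: function (i, v) { bound[i - 1] = v; },
      executeQuery: function () {
        log.push({ sql: sql, bound: bound });
        return { close: function () {},
          next: function () { return ++idx < rows.length; },
          getObject: function (i) { return rows[idx][i - 1]; },
          getMetaData: function () { return {
            getColumnCount: function () { return labels.length; },
            getColumnLabel: function (i) { return labels[i - 1]; } }; } };
      } };
  } };
}

function demo() {
  var log = [], out = [];
  var con = fakeConnection(["ID", "NAME"], [[7, "O'Brien"]], log);
  selectPrepared(con, "select * from customers where name = ?", ["O'Brien"],
    function (columnData) { out.push(columnData); });
  return { rows: out, log: log };
}
```

Because the row object is built from the metadata, the same function keeps working when the column list changes, including for `select *`.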

Steve James
Ebase User
Posts: 331
Joined: Mon Mar 10, 2014 8:34 am

#5

Postby Steve James » Mon Jan 23, 2017 10:34 am

Thanks Jon, in this case I happen to have an object available that stores all the columns in the query. I can just loop through them and build the object.

I'll have a look at the metadata and see what I can find as it will make it more robust; especially if I use select * from xyz in the future.

Thanks again.
0 x

