Posted to users@camel.apache.org by Gardella juan <ga...@gmail.com> on 2013/03/12 16:43:14 UTC

Dynamic SQL with arguments

Hi,

I want to send an arbitrary SQL statement with arguments, like this:

"insert into foo (col1,col2) values (?,?)"

The SQL is dynamic, so I can't hardcode it in the SQL component. I've used the jdbc
component, but now I want to solve SQL injection, so I want to pass the arguments
as a list/array. The arguments have to be used by the JDBC driver:

sqlStatement.setObject(i + 1, arguments.get(i)); // JDBC parameter indexes start at 1, list indexes at 0

In this way I can solve SQL injection vulnerabilities.

Is it possible to do that with a component in Camel?

Best regards,
Juan



--
View this message in context: http://camel.465427.n5.nabble.com/Dinamyc-SQL-with-arguments-tp5729003.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: Dynamic SQL with arguments

Posted by Henryk Konsek <he...@gmail.com>.
> @Chris Odom: Thanks for the suggestion, I did it this way. But I think it is
> a better option to support dynamic SQL queries out of the box in Camel.

Yeah, you can do almost anything with a custom Bean Component, but we
still should provide common and useful options in the components.

-- 
Henryk Konsek
http://henryk-konsek.blogspot.com

Re: Dynamic SQL with arguments

Posted by Gardella juan <ga...@gmail.com>.
Thanks hekonsek for creating the Jira! I will follow this Jira.

@Chris Odom: Thanks for the suggestion, I did it this way. But I think it is
a better option to support dynamic SQL queries out of the box in Camel.

Best regards,
Juan




Re: Dynamic SQL with arguments

Posted by ch...@mediadriver.com.
Why not just use a custom processor component to do your SQL? I usually
just create the Bean as the Message body and pass it along my route. In
the final Processor I just extract the Bean and use that with a
DAO/SQLInvoker. These components can be set up in Spring DSL and work
great, just a thought.


On 2013-03-12 14:04, Henryk Konsek wrote:
>> I'll raise a Jira issue today, as in fact
>> we should provide support for parameters for the JDBC component
>
> The issue [1] for the enhancement has been raised.
>
> [1] https://issues.apache.org/jira/browse/CAMEL-6157
>
> --
> Henryk Konsek
> http://henryk-konsek.blogspot.com
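
The custom-processor approach suggested above, combined with the setObject binding from the original question, as an added example that is not part of the thread or of Camel itself. The class name and the SqlUpdateCount header are hypothetical, the SQL_QUERY header name is reused from the thread, and the JDBC driver is assumed to implement getParameterMetaData().

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.util.List;
import javax.sql.DataSource;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;

/** Hypothetical processor: statement text from a header, bound values from the body. */
public class ParameterizedSqlProcessor implements Processor {
    // Header name reused from the thread; the result header name is made up here.
    public static final String SQL_HEADER = "SQL_QUERY";
    public static final String UPDATE_COUNT_HEADER = "SqlUpdateCount";

    private final DataSource dataSource;

    public ParameterizedSqlProcessor(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    @Override
    public void process(Exchange exchange) throws Exception {
        // The statement text (with ? placeholders) must be built by route code.
        // Binding protects the values only, not the statement text itself.
        String sql = exchange.getIn().getHeader(SQL_HEADER, String.class);
        List<?> arguments = exchange.getIn().getBody(List.class);
        if (sql == null || arguments == null) {
            throw new IllegalArgumentException("SQL header and List body are required");
        }
        try (Connection connection = dataSource.getConnection();
             PreparedStatement statement = connection.prepareStatement(sql)) {
            // Reject a placeholder/argument mismatch before anything is bound.
            int expected = statement.getParameterMetaData().getParameterCount();
            if (expected != arguments.size()) {
                throw new IllegalArgumentException("Statement expects " + expected
                        + " parameters but " + arguments.size() + " were supplied");
            }
            for (int i = 0; i < arguments.size(); i++) {
                // JDBC parameter indexes start at 1, list indexes at 0.
                statement.setObject(i + 1, arguments.get(i));
            }
            // Handles INSERT/UPDATE/DELETE; the row count goes back on the message.
            exchange.getIn().setHeader(UPDATE_COUNT_HEADER, statement.executeUpdate());
        }
    }
}
// Route usage: from("direct:sql").process(new ParameterizedSqlProcessor(dataSource));
```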


Re: Dynamic SQL with arguments

Posted by Henryk Konsek <he...@gmail.com>.
> I'll raise a Jira issue today, as in fact
> we should provide support for parameters for the JDBC component

The issue [1] for the enhancement has been raised.

[1] https://issues.apache.org/jira/browse/CAMEL-6157

--
Henryk Konsek
http://henryk-konsek.blogspot.com

Re: Dynamic SQL with arguments

Posted by hekonsek <he...@gmail.com>.
Hi Juan,

You can use the SQL component [1] in conjunction with the Recipient List EIP
[2] to achieve this.

from("direct:sql").recipientList(header("SQL_QUERY"));
...
producerTemplate.sendBodyAndHeader("direct:sql", queryParams, "SQL_QUERY",
Collections.singletonList("sql:insert into foo values (#,#)"));

But this is actually kind of a hack. I'll raise a Jira issue today, as in fact
we should provide support for parameters for the JDBC component (in order to
provide SQL injection safety).

Best regards.

[1] http://camel.apache.org/sql-component.html
[2] http://camel.apache.org/recipient-list.html

--
Henryk Konsek


