Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/01/25 15:31:00 UTC

[jira] [Commented] (NIFI-978) Support parameterized prepared statements in ExecuteSQL

    [ https://issues.apache.org/jira/browse/NIFI-978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16339380#comment-16339380 ] 

ASF GitHub Bot commented on NIFI-978:
-------------------------------------

GitHub user mattyb149 opened a pull request:

    https://github.com/apache/nifi/pull/2433

    NIFI-978: Support parameterized statements in ExecuteSQL

    Thank you for submitting a contribution to Apache NiFi.
    
    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:
    
    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? Is it referenced 
         in the commit message?
    
    - [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
    
    - [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
    
    - [x] Is your initial contribution a single, squashed commit?
    
    ### For code changes:
    - [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
    - [x] Have you written or updated unit tests to verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? 
    - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
    - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
    - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
    
    ### For documentation related changes:
    - [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
    
    ### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mattyb149/nifi NIFI-978

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/2433.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2433
    
----
commit 7052824d88b3b9ceb04d7dda92cb63264ccf2a65
Author: Matthew Burgess <ma...@...>
Date:   2018-01-25T15:24:17Z

    NIFI-978: Support parameterized statements in ExecuteSQL

----


> Support parameterized prepared statements in ExecuteSQL
> -------------------------------------------------------
>
>                 Key: NIFI-978
>                 URL: https://issues.apache.org/jira/browse/NIFI-978
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Daryl Teo
>            Assignee: Matt Burgess
>            Priority: Minor
>
> PutSQL and ExecuteSQL are highly inconsistent, which leads to confusion.
> - PutSQL relies on FlowFile content to execute its statement.
> - ExecuteSQL relies on the SQL Select Command attribute
> - PutSQL supports parameterized statements through sql.args attributes
> - ExecuteSQL relies on Expression Language to insert dynamic properties
> The reliance on expression language for ExecuteSQL may also lead to potential SQL injection if one is not careful as it is a string replacement.
> Therefore in the interest of reliability and consistency I highly recommend that the SQL processors be standardised.
> Note: I prefer the sql command attribute for running SQL as opposed to the (lower visibility) content based command specification. Having the query attribute of ExecuteSQL, with the sql.args attributes of PutSQL would be a great improvement. If you support this, I will create a new issue in Jira.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
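The injection risk the reporter describes, shown side by side with the parameterized alternative, as an added example that is not part of the JIRA issue, the pull request, or NiFi's own code. It uses Python and an in-memory SQLite table rather than Java/JDBC so it runs stand-alone; a plain `${attr}` text substitution stands in for Expression Language evaluated inside the SQL string, and the `sql.args.N.type` / `sql.args.N.value` attribute names with `java.sql.Types` codes follow the PutSQL convention the issue refers to (the small type-code table is an assumed subset for illustration). The flow file attributes and table rows are constructed sample data.

```python
import re
import sqlite3

# Assumed subset of java.sql.Types codes, as carried in PutSQL's sql.args.N.type
# attribute: 4 = INTEGER, -5 = BIGINT, 8 = DOUBLE, 12 = VARCHAR, 1 = CHAR.
JDBC_TYPE_COERCE = {
    4: int,
    -5: int,
    8: float,
    12: str,
    1: str,
}


def setup_db():
    """Constructed sample table, in memory, so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def substitute_expression_language(template, attributes):
    """Plain ${attr} text replacement standing in for Expression Language evaluated
    inside the SQL string: attribute values land in the query text verbatim."""
    return re.sub(r"\$\{(\w+)\}", lambda m: attributes[m.group(1)], template)


def query_via_string_replacement(conn, template, attributes):
    """The ExecuteSQL-style path: the query is assembled as a string, then run."""
    sql = substitute_expression_language(template, attributes)
    return conn.execute(sql).fetchall()


def parse_sql_args(attributes):
    """Read sql.args.1.type/value, sql.args.2.type/value, ... in order and coerce
    each value to the Python type implied by its JDBC type code. A value that does
    not fit its declared type (e.g. '1 OR 1=1' for INTEGER) raises ValueError
    before anything reaches the database."""
    params = []
    n = 1
    while f"sql.args.{n}.value" in attributes:
        jdbc_type = int(attributes[f"sql.args.{n}.type"])
        if jdbc_type not in JDBC_TYPE_COERCE:
            raise ValueError(f"unsupported JDBC type {jdbc_type} for sql.args.{n}")
        params.append(JDBC_TYPE_COERCE[jdbc_type](attributes[f"sql.args.{n}.value"]))
        n += 1
    return params


def sql_args_accepted(attributes):
    """True if every sql.args value coerces to its declared JDBC type."""
    try:
        parse_sql_args(attributes)
        return True
    except ValueError:
        return False


def query_via_prepared_statement(conn, sql, attributes):
    """The PutSQL-style path: the SQL text is fixed, values are bound separately.
    The placeholder count check is a simple sanity check (it does not account for
    a literal '?' inside a quoted string)."""
    params = parse_sql_args(attributes)
    if sql.count("?") != len(params):
        raise ValueError(
            f"statement has {sql.count('?')} placeholders but {len(params)} sql.args"
        )
    return conn.execute(sql, params).fetchall()


# Constructed flow file attributes: one benign, one carrying an injection payload.
BENIGN_ATTRS = {"name": "alice", "sql.args.1.type": "12", "sql.args.1.value": "alice"}
HOSTILE_ATTRS = {
    "name": "x' OR '1'='1",
    "sql.args.1.type": "12",
    "sql.args.1.value": "x' OR '1'='1",
}

INTERPOLATED_SQL = "SELECT id, name FROM users WHERE name = '${name}'"
PREPARED_SQL = "SELECT id, name FROM users WHERE name = ?"

if __name__ == "__main__":
    conn = setup_db()
    # String replacement: the payload closes the quote and the WHERE clause
    # becomes always-true, so every row comes back.
    print(query_via_string_replacement(conn, INTERPOLATED_SQL, HOSTILE_ATTRS))
    # Prepared statement: the same payload is just a name nobody has.
    print(query_via_prepared_statement(conn, PREPARED_SQL, HOSTILE_ATTRS))
    print(query_via_prepared_statement(conn, PREPARED_SQL, BENIGN_ATTRS))
```

The same hostile attribute value produces all three rows through the interpolated query and none through the prepared one, because the database parses the SQL text before the value is bound and the value can never change the statement's structure. Declaring a JDBC type per argument adds a second check: a payload such as `1 OR 1=1` submitted as an INTEGER argument is rejected at coercion time rather than handed to the driver.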