Using Named Bind Parameters with ViewObjects
To avoid SQL injection, never concatenate request data into the string passed to setWhereClause. Use named bind variables or positional parameters instead wherever you set a ViewObject where clause; the value is then sent to the database as a bind value and is never parsed as SQL.
Here is the code snippet for the named bind parameter approach:
public void addWhereClauseWithNamedBindParams() {
    ViewObject vo = this.getEmployee();
    // Clear any previous dynamic where clause before setting a new one.
    vo.setWhereClause(null);
    // The clause contains only a placeholder; the value is bound separately.
    vo.setWhereClause("Empno=:eNo");
    // Declare the named parameter and its value (third argument: no positional indices).
    vo.defineNamedWhereClauseParam("eNo", Integer.valueOf(123), null);
    vo.executeQuery();
    // Remove the parameter and the clause so they do not leak into later queries.
    vo.removeNamedWhereClauseParam("eNo");
    vo.setWhereClause(null);
}
Using Positional Parameters
Here is the code snippet for positional parameters approach:
public void addWhereClause() {
    ViewObject vo = this.getEmployee();
    // Clear any previous parameters and dynamic where clause.
    vo.setWhereClauseParams(null);
    vo.setWhereClause(null);
    // ":1" is the first positional bind parameter.
    vo.setWhereClause("Empno=:1");
    // Values are supplied in positional order, one array element per placeholder.
    vo.setWhereClauseParams(new Object[] { Integer.valueOf(123) });
    vo.executeQuery();
    // Reset so the parameters and clause do not leak into later queries.
    vo.setWhereClauseParams(null);
    vo.setWhereClause(null);
}
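The following is an added example, not code from the original post, that puts the vulnerable string-concatenation form next to the named and positional bind forms shown above, so the difference is visible in one place. It assumes an application module with a generated getEmployee() accessor (as in the snippets above) whose Employee view object exposes an Empno column; the class name EmployeeQueries, the request parameter names and the single-column ORDER BY allowlist are assumptions for illustration.

```java
import java.util.Arrays;
import java.util.List;

import oracle.jbo.ViewObject;
import oracle.jbo.server.ApplicationModuleImpl;

// Added example (not from the original post). Assumes a generated
// getEmployee() accessor and an Empno column, as in the post's snippets.
public class EmployeeQueries extends ApplicationModuleImpl {

    // UNSAFE: the caller-supplied string becomes part of the SQL text.
    // A request value of "123 OR 1=1" turns the where clause into
    //   Empno=123 OR 1=1
    // and every employee row comes back.
    public int countByEmpnoUnsafe(String empnoFromRequest) {
        ViewObject vo = this.getEmployee();
        vo.setWhereClause(null);
        vo.setWhereClause("Empno=" + empnoFromRequest);
        vo.executeQuery();
        int n = countRows(vo);
        vo.setWhereClause(null);
        return n;
    }

    // SAFE (named bind variable): the clause holds only the placeholder :eNo;
    // the value is bound and is never parsed as SQL. The same call works for
    // string columns, where parsing the input would not help.
    public int countByEmpnoNamed(String empnoFromRequest) {
        // Reject non-numeric input here instead of sending it to the database.
        Integer empno = Integer.valueOf(empnoFromRequest.trim());
        ViewObject vo = this.getEmployee();
        vo.setWhereClause(null);
        vo.setWhereClause("Empno=:eNo");
        vo.defineNamedWhereClauseParam("eNo", empno, null);
        vo.executeQuery();
        int n = countRows(vo);
        vo.removeNamedWhereClauseParam("eNo");
        vo.setWhereClause(null);
        return n;
    }

    // SAFE (positional parameter): same effect, value supplied by position.
    public int countByEmpnoPositional(String empnoFromRequest) {
        Integer empno = Integer.valueOf(empnoFromRequest.trim());
        ViewObject vo = this.getEmployee();
        vo.setWhereClauseParams(null);
        vo.setWhereClause(null);
        vo.setWhereClause("Empno=:1");
        vo.setWhereClauseParams(new Object[] { empno });
        vo.executeQuery();
        int n = countRows(vo);
        vo.setWhereClauseParams(null);
        vo.setWhereClause(null);
        return n;
    }

    // Bind parameters cover values only. A column name (for example in an
    // ORDER BY) cannot be bound, so it must be checked against an allowlist
    // before it is spliced into the clause. The allowlist here is an
    // assumption; extend it with the sortable columns of your view.
    private static final List<String> SORTABLE_COLUMNS = Arrays.asList("EMPNO");

    public void sortBy(String columnFromRequest) {
        String col = columnFromRequest.trim().toUpperCase();
        if (!SORTABLE_COLUMNS.contains(col)) {
            throw new IllegalArgumentException("Column not sortable: " + columnFromRequest);
        }
        ViewObject vo = this.getEmployee();
        vo.setOrderByClause(col);
        vo.executeQuery();
    }

    // Walk the result set once and count the rows.
    private static int countRows(ViewObject vo) {
        vo.reset();
        int n = 0;
        while (vo.hasNext()) {
            vo.next();
            n++;
        }
        return n;
    }
}
```

With the bind forms, an input such as "123 OR 1=1" fails at Integer.valueOf before any query is issued; with a string column it would simply be bound as a literal value and match no row. Only the concatenated form lets the database see the attacker's text as SQL.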