Causeway
CAUSEWAY-10

Properly use prepared statements instead of injecting values into "insert" and "update" SQL statements


Details

    Description

      At the moment, all "insert" and "update" commands use a fully formed SQL string with embedded values:
      "insert into SQLDATACLASS (PK_ID, color,date_time) values (2252, '0','2010-03-05 22:23:000000')".

      This should be updated to "insert into SQLDATACLASS (PK_ID, color,date_time) values (?,?,?)".

      This should also fix the quoting problems with non-string values (integer, float, etc.), which especially affect DB2: DB2 throws an exception when integers and floats are quoted ('1') instead of unquoted (1).
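      As an added illustration of the change requested above (example code, not Causeway's own object store), the concatenated "before" form and the parameterised JDBC "after" form side by side. It assumes a table SQLDATACLASS with the columns named in the issue (PK_ID integer, color varchar, date_time timestamp) and a caller that already holds a java.sql.Connection; the class and method names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.sql.Types;

/**
 * Added example, not project code. Shows the insert/update from the issue
 * rewritten to use PreparedStatement placeholders instead of string concatenation.
 * Table and column names are taken from the issue; everything else is assumed.
 */
public final class SqlDataClassDao {

    /**
     * BEFORE (kept only for contrast, do not use): every value is spliced into the
     * SQL text and ends up inside single quotes, including the integer PK_ID, which
     * is exactly the quoted-integer literal DB2 rejects. A color value containing a
     * single quote also breaks the statement, and if that value is user-controlled
     * the statement is injectable.
     */
    static String buildInsertUnsafe(int pkId, String color, Timestamp dateTime) {
        return "insert into SQLDATACLASS (PK_ID, color, date_time) values ('"
                + pkId + "', '" + color + "', '" + dateTime + "')";
    }

    /** AFTER: the SQL text is constant; values are bound by the driver with their own types. */
    static final String INSERT_SQL =
            "insert into SQLDATACLASS (PK_ID, color, date_time) values (?, ?, ?)";
    static final String UPDATE_SQL =
            "update SQLDATACLASS set color = ?, date_time = ? where PK_ID = ?";

    /** Inserts one row; returns the update count reported by the driver. */
    static int insert(Connection conn, int pkId, String color, Timestamp dateTime)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setInt(1, pkId);                       // sent as an integer, never as '2252'
            bindNullable(ps, 2, color, Types.VARCHAR);
            bindNullable(ps, 3, dateTime, Types.TIMESTAMP);
            return ps.executeUpdate();
        }
    }

    /** Updates the non-key columns of the row identified by PK_ID. */
    static int update(Connection conn, int pkId, String color, Timestamp dateTime)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(UPDATE_SQL)) {
            bindNullable(ps, 1, color, Types.VARCHAR);
            bindNullable(ps, 2, dateTime, Types.TIMESTAMP);
            ps.setInt(3, pkId);
            return ps.executeUpdate();
        }
    }

    /**
     * Binds a possibly-null value with an explicit JDBC type. setObject(idx, null)
     * is not portable across drivers, so nulls go through setNull with the type.
     */
    private static void bindNullable(PreparedStatement ps, int idx, Object value, int sqlType)
            throws SQLException {
        if (value == null) {
            ps.setNull(idx, sqlType);
        } else {
            ps.setObject(idx, value, sqlType);
        }
    }
}
```

      Binding a java.sql.Timestamp also sidesteps the date literal format: the driver serialises the value itself, so the code no longer has to produce a string such as '2010-03-05 22:23:000000' in whatever form each backend accepts. When checking the fix, it is worth running the insert once against DB2 with an integer PK_ID and once with a color value that contains a single quote; both should succeed with the parameterised form and the second would have failed with the concatenated one.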


          People

            kevin-m Kevin Meyer
            Votes: 0
            Watchers: 0

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Original Estimate: 168h
                Remaining Estimate: 40h
                Time Spent: 12h