  1. Apache Drill
  2. DRILL-5079

PreparedStatement dynamic parameters to avoid SQL Injection test

Details

    • Type: Improvement
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.8.0
    • Fix Version/s: None
    • Component/s: Client - JDBC

    Description

      Capability to use PreparedStatement with dynamic parameters to prevent SQL Injection.

      For example:
      select * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100

      As of now, Drill will return:
      Error Message:PreparedStatementCallback; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; Failed to create prepared statement: PLAN ERROR: Cannot convert RexNode to equivalent Drill expression. RexNode Class: org.apache.calcite.rex.RexDynamicParam, RexNode Digest: ?0
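
The usage this issue asks for, as an added example (not code from the issue or from the Drill project): a JDBC client binds both names as parameters and fails closed if the statement is rejected, rather than falling back to string concatenation. The class name `PeopleLookup`, the method `countMatches`, the connection URL and the sample values are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example; PeopleLookup, countMatches and the URL are illustrative assumptions.
public class PeopleLookup {
    // Query text from the issue. User input is bound, never spliced into it.
    private static final String QUERY =
        "select * from PEOPLE where FIRST_NAME = ? and LAST_NAME = ? limit 100";

    // On the Drill version in this report, this method ends in the
    // SQLException quoted above, because the planner rejects the "?" markers.
    static int countMatches(Connection conn, String first, String last)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setString(1, first);   // JDBC parameter indexes start at 1
            ps.setString(2, last);
            int rows = 0;
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows++;
                }
            }
            return rows;
        }
    }

    public static void main(String[] args) {
        // Assumed connection URL; pass the real one as the first argument.
        String url = args.length > 0 ? args[0] : "jdbc:drill:zk=local";
        // Constructed input: the apostrophe would break a concatenated query,
        // but is plain data once bound.
        String first = "Conan";
        String last = "O'Brien";
        try (Connection conn = DriverManager.getConnection(url)) {
            System.out.println(countMatches(conn, first, last) + " row(s)");
        } catch (SQLException e) {
            // Fail closed: report the error, do not retry with concatenation.
            System.err.println("Query rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```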


            People

              Assignee: Unassigned
              Reporter: Wahyu Sudrajat (wsudrajat)
              Votes: 2
              Watchers: 8
