Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
PutSQL and ExecuteSQL are highly inconsistent and leads to confusion.
- PutSQL relies on FlowFile content to execute it's statement.
- ExecuteSQL relies on SQL Select Command attribute
- PutSQL supports parameterized statements through sql.args attributes
- ExecuteSQL relies on Expression Language to insert dynamic properties
The reliance on expression language for ExecuteSQL may also lead to potential SQL injection if one is not careful as it is a string replacement.
Therefore in the interest of reliability and consistency I highly recommend that the SQL processors be standardised.
Note: I prefer the sql command attribute for running SQL as opposed to the (lower visibility) content based command specification. Having the query attribute of ExecuteSQL, with the sql.args attributes of PutSQL would be a great improvement. If you support this, I will create a new issue in Jira.