Batch insert using groovy Sql?

How can you do batch insertion with groovy Sql while simulating prepared statements? All the examples that I found are similar to the following and do not use prepared statements.

withBatch { stmt ->
    stmt.addBatch("insert into table (field1,field2) values('value1','value2')")
    stmt.addBatch("insert into table (field1,field2) values('value3','value4')")
}

According to this link http://jira.codehaus.org/browse/GROOVY-3504 it is impossible to use prepared statements directly from within the package. What is the best way to simulate this, so I can avoid having to write my own code to avoid SQL injection?

+5
4 answers

Groovy 1.8.1 introduced support for prepared statements in batch operations. A simple example:

sql.withBatch(20, """update some_table
                        set some_column = :newvalue
                      where id = :key """) { ps ->
    mymap.each { k, v ->
        ps.addBatch(key: k, newvalue: v)
    }
}

See: http://novyden.blogspot.com/2011/09/groovy-batch-prepared-statement-nice.html

+16
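A runnable version of this approach, added here as an example rather than taken from the answer above: it uses an in-memory H2 database (an assumed dependency, pulled in with @Grab), the same named-parameter form of withBatch, and constructed sample rows, one of which contains quote characters that would break a naively concatenated INSERT.

```groovy
@Grab('com.h2database:h2:2.2.224')
@GrabConfig(systemClassLoader = true)
import groovy.sql.Sql

// Assumed setup: throw-away in-memory H2 database and a small table.
def sql = Sql.newInstance('jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1', 'sa', '', 'org.h2.Driver')
sql.execute 'create table users (id int auto_increment primary key, name varchar(100), email varchar(100))'

// Constructed sample rows. The last name contains quote/comment characters;
// with a prepared statement they are bound as data, not parsed as SQL.
def rows = [
    [name: 'alice',                      email: 'alice@example.com'],
    [name: "o'brien",                    email: 'ob@example.com'],
    [name: "x'); drop table users; --",  email: 'hostile@example.com'],
]

// Batch size 2 with three rows forces one full batch plus a final partial flush.
// Each addBatch(Map) call binds the named placeholders :name and :email.
int[] counts = sql.withBatch(2, 'insert into users (name, email) values (:name, :email)') { ps ->
    rows.each { r -> ps.addBatch(r) }
}
assert counts.size() == rows.size()

// All three rows landed and the table still exists: the awkward strings were stored verbatim.
assert sql.firstRow('select count(*) as n from users').n == 3
assert sql.firstRow('select name from users where email = ?', ['hostile@example.com']).name ==
       "x'); drop table users; --"

// Positional placeholders work the same way; pass the values as a list.
sql.withBatch(10, 'insert into users (name, email) values (?, ?)') { ps ->
    ps.addBatch(['bob', 'bob@example.com'])
}
assert sql.firstRow('select count(*) as n from users').n == 4

sql.close()
```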

This was added in Groovy 1.8.1. Please see the API document.

+1

See http://jira.codehaus.org/browse/GROOVY-4328.

From the JIRA:

... , () GString . , "", , , , . "?"

, . Java - escape- SQL

In this case you can apply the heuristic from the above and decorate the withBatch method.

0

See OWASP ESAPI: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

The only option when prepared statements and stored procedures are not an option is to manually escape user input.

ESAPI has working, ready-made reference methods.

Codec ORACLE_CODEC = new OracleCodec();
String query = "SELECT user_id FROM user_data WHERE user_name = '"
    + ESAPI.encoder().encodeForSQL(ORACLE_CODEC, req.getParameter("userID"))
    + "' and user_password = '"
    + ESAPI.encoder().encodeForSQL(ORACLE_CODEC, req.getParameter("pwd")) + "'";

Source: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Databas

0
