Best practice for creating safe/untainted SQL


What is the best practice for creating SQL statements that won't be considered unsafe or tainted?

When I use JdbcTemplate/JdbcClient, I like to define my SQL constants and construct statements like this:

    public static final String TABLE_NAME = "USERS";
    public static final String COLUMN_ACCOUNTID = "ACCOUNTID";
    public static final String SELECT_BY_ACCOUNTID =
            "SELECT * FROM " + TABLE_NAME + " WHERE " + COLUMN_ACCOUNTID + "=?";

IntelliJ warns that the SQL is unsafe when used:

    public Optional<User> getUserByAccountId(String accountId) {
        return jdbcClient
                // IntelliJ warns that this string is unsafe:
                .sql(UserSql.SELECT_BY_ACCOUNTID)
                // positional parameters are bound on the StatementSpec, before query()
                .param(accountId)
                .query(new UserMapper())
                .optional();
    }

How can a SQL statement be constructed so that it isn't considered unsafe?
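The constant-plus-placeholder pattern from the question written out as a complete class (an added example, not the asker's code): the question's User and UserMapper are replaced by minimal stand-ins, Spring Framework's JdbcClient (6.1+) is assumed to be on the classpath, and the example goes one step past the question by also showing the allowlist check needed when an identifier, which cannot be bound with a `?`, is chosen at runtime.

```java
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.simple.JdbcClient;

// Minimal stand-ins for the question's User and UserMapper (constructed here).
record User(String accountId, String username) {}

class UserMapper implements RowMapper<User> {
    @Override
    public User mapRow(ResultSet rs, int rowNum) throws SQLException {
        return new User(rs.getString("ACCOUNTID"), rs.getString("USERNAME"));
    }
}

public class UserRepository {
    // Compile-time constants: the SQL text is fixed before any request arrives.
    public static final String TABLE_NAME = "USERS";
    public static final String COLUMN_ACCOUNTID = "ACCOUNTID";
    public static final String SELECT_BY_ACCOUNTID =
            "SELECT * FROM " + TABLE_NAME + " WHERE " + COLUMN_ACCOUNTID + " = ?";

    // Identifiers cannot be bound with '?', so an identifier chosen at runtime
    // (for example a sort column taken from a request) must come from an allowlist.
    private static final Set<String> SORTABLE_COLUMNS = Set.of("ACCOUNTID", "USERNAME");

    private final JdbcClient jdbcClient;

    public UserRepository(JdbcClient jdbcClient) { this.jdbcClient = jdbcClient; }

    // Value data travels as a bound parameter; the SQL text never changes.
    public Optional<User> getUserByAccountId(String accountId) {
        return jdbcClient.sql(SELECT_BY_ACCOUNTID)
                .param(accountId)
                .query(new UserMapper())
                .optional();
    }

    // The identifier is spliced into the text, so it is restricted to known column names.
    public List<User> listSortedBy(String sortColumn) {
        if (!SORTABLE_COLUMNS.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        return jdbcClient.sql("SELECT * FROM " + TABLE_NAME + " ORDER BY " + sortColumn)
                .query(new UserMapper())
                .list();
    }
}
```

The distinction the class relies on is data versus structure: values go through `param()`, while anything that becomes part of the statement text is either a compile-time constant or validated against a fixed set.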
