Getting Startedwith pureQuery

More documents

Recommendations

Info

128 Getting Started with pureQuery If you are using IBM Optim Development Studio, you can add a replacement SQL statement by opening a pureQueryXml file with the tool’s pureQueryXML Editor. Rightclick on the statement that you want to replace and select Edit Statement, as shown in Figure 6.14. Then, enter the new statement that you want to use, as shown in Figure 6.15. Figure 6.14 - Edit a statement in a pureQueryXml file by using the pureQueryXML Editor Figure 6.15 - In the pureQueryXML Editor, type the replacement SQL statement that you want to use If you are not using IBM Optim Development Studio and you want to use this feature, you will need to modify the pureQueryXml file directly. In a pureQueryXml file, statementDescriptor elements describe the SQL statements that the application executes. To replace an SQL statement, locate the statementDescriptor element for that statement, and set the new SQL statement as the value of the processedSql element. After you make changes to statement sets, for use in static execution, you must set the value of their configureStatus attributes to REQUIRED. If you specify to the StaticBinder utility a pureQueryXml file that contains replacement statements, and the isBindable attributes are set to true for the statements, the utility binds the alternate statements instead of the original statements. If you are using dynamic SQL, pureQuery uses the original SQL statements by default. Use the pureQuery property pdq.enableDynamicSQLReplacement to direct pureQuery to use the replacement SQL statements. The value TRUE directs pureQuery to use the replacement SQL statements; the value FALSE directs pureQuery to use the original SQL statements. The default value is FALSE. The ability to specify replacement SQL statements is a very powerful feature that can help you to replace SQL statements in situations in which you cannot modify the source code. Be aware, however, that using this feature can reduce the security of your application, if you do not sufficiently protect the pureQueryXml file. Someone could maliciously add replacement SQL statements to a pureQueryXml file to cause the application to execute them instead of the SQL statements in the application. For SQL statements that execute
Chapter 6 – The Client Optimizer: pureQuery for Existing Applications 129 dynamically, replacing SQL statements is not allowed by default, and you must set pdq.enableDynamicSQLReplacement to TRUE to allow it. For SQL statements that execute statically, if you cannot sufficiently control access to your pureQueryXml, you can check your pureQueryXml file before each bind to ensure that it does not contain replacement statements. 6.10 SQL Literal substitution Sometimes applications execute SQL statements that contain literal values instead of parameter markers. For example, if an application searches the EMPLOYEE table for an employee with an employee number that the user supplies, the application might use string concatenation to create an SQL statement with a literal value, as shown in Listing 6.11. In this example, if the user supplied the employee number 000010, then the application would create the SQL statement shown in Listing 6.12. String employeeNumber = // value supplied by user String sql = "SELECT * FROM EMPLOYEE WHERE EMPNO = '" + employeeNumber + "'"; PreparedStatement preparedStatement = connection.prepareStatement (sql); ResultSet resultSet = preparedStatement.executeQuery(); Listing 6.11 - An example of code that creates and executes an SQL statement with a literal value SELECT * FROM EMPLOYEE WHERE EMPNO = '000010' Listing 6.12 - The SQL statement that would be created by the code in Listing 6.11 if the user provided the employee number "000010" Listing 6.13 shows an example that creates an SQL statement with a parameter, rather than one with a literal value. String employeeNumber = // value supplied by user String sql = "SELECT * FROM EMPLOYEE WHERE EMPNO = ?"; PreparedStatement preparedStatement = connection.prepareStatement (sql); preparedStatement.setString (employeeNumber); ResultSet resultSet = preparedStatement.executeQuery(); Listing 6.13 - An example of code that creates and executes an SQL statement with a parameter 6.10.1 Advantages of parameterized SQL statements SQL statements that have parameters have many advantages over those that have literal values. For example, SQL statements that are constructed by concatenation are vulnerable to SQL injection. In addition, if the user supplies the literal values, then there can be an enormous number of very similar SQL statements. The large number of distinct statements can have negative performance impacts, such as by flooding the dynamic statement cache with statements that are executed only once, and thereby significantly
Page 3 and 4:
G E T T I N G S T A R T E D W I T H
Page 5 and 6:
Notices This information was develo
Page 7:
Trademarks IBM, the IBM logo, DB2,
Page 10 and 11:
10 Getting Started with pureQuery 3
Page 12 and 13:
12 Getting Started with pureQuery C
Page 14 and 15:
14 Getting Started with pureQuery 1
Page 16 and 17:
16 Getting Started with pureQuery C
Page 18 and 19:
18 Getting Started with pureQuery m
Page 20 and 21:
20 Getting Started with pureQuery T
Page 22 and 23:
22 Getting Started with pureQuery K
Page 24 and 25:
24 Getting Started with pureQuery A
Page 27 and 28:
1 Chapter 1 - Introduction to pureQ
Page 29 and 30:
Chapter 1 - Introduction to pureQue
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
2 Chapter 2 - Installing pureQuery
Page 47 and 48:
Chapter 2 - Installing pureQuery (O
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61:
PART II - TOOLING
Page 66 and 67:
66 Getting Started with pureQuery F
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
72 Getting Started with pureQuery t
Page 74 and 75:
74 Getting Started with pureQuery A
Page 76 and 77:
76 Getting Started with pureQuery T
Page 78 and 79: 78 Getting Started with pureQuery a
Page 80 and 81: 80 Getting Started with pureQuery r
Page 82 and 83: 82 Getting Started with pureQuery F
Page 84 and 85: 84 Getting Started with pureQuery 4
Page 86 and 87: 86 Getting Started with pureQuery Y
Page 92 and 93: 92 Getting Started with pureQuery D
Page 98 and 99: 98 Getting Started with pureQuery
Page 105 and 106: PART III - SECURITY, PERFORMANCE, A
Page 107 and 108: 6 Chapter 6 - The Client Optimizer:
Page 109 and 110: Chapter 6 - The Client Optimizer: p
Page 127: Chapter 6 - The Client Optimizer: p
Page 137 and 138: 7 Chapter 7 - The StaticBinder Util
Page 139 and 140: Chapter 8 - Extended Insight 139 No
Page 141 and 142: 7.2.2.3 Changes to pureQueryXml fil
Page 143 and 144: Chapter 8 - Extended Insight 143 Fi
Page 145 and 146: Chapter 8 - Extended Insight 145 Fi
Page 147 and 148: Chapter 8 - Extended Insight 147 -u
Page 149 and 150: Chapter 8 - Extended Insight 149 7.
Page 151 and 152: Chapter 8 - Extended Insight 151 ne
Page 153: Chapter 8 - Extended Insight 153 11
Page 169 and 170: 9 Chapter 9 - Persistence Framework
Page 171 and 172: 9.1.1.1 JPA Chapter 9 - Persistence
Page 173 and 174: Chapter 9 - Persistence Frameworks
Page 179 and 180:
Chapter 9 - Persistence Frameworks
Page 181:
Chapter 9 - Persistence Frameworks
Page 184 and 185:
184 Getting Started with pureQuery
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 243 and 244:
12 Chapter 12 - Stored Procedures T
Page 245 and 246:
Chapter 12 - Stored Procedures 245
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
13 Chapter 13 - Handlers In this ch
Page 263 and 264:
Chapter 13 - Handlers 263 Figure 13
Page 265 and 266:
Chapter 13 - Handlers 265 SELECT *
Page 267 and 268:
Chapter 13 - Handlers 267 construct
Page 269 and 270:
13.4.1 Writing a ResultHandler impl
Page 271 and 272:
Chapter 13 - Handlers 271 functiona
Page 273 and 274:
Chapter 13 - Handlers 273 Listing 1
Page 275 and 276:
Chapter 13 - Handlers 275 package h
Page 277:
A. In a getData method in the com.i
Page 281 and 282:
14 Chapter 14 - Best Practices In t
Page 283 and 284:
Chapter 14 - Best Practices 283 @Se
Page 285 and 286:
Chapter 14 - Best Practices 285 Fig
Page 287 and 288:
15 Chapter 15 - pureQuery and pureX
Page 289 and 290:
Chapter 15 - pureQuery and pureXML
Page 291 and 292:
Page 293:
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
Page 302 and 303:
Page 305 and 306:
A Appendix A - Solutions to the rev
Page 307 and 308:
Appendix A - Solutions to the revie
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
B Appendix B - Understanding the Sa
Page 315 and 316:
B.1.3 The “Employee Information
Page 317 and 318:
Appendix C - Up and Running with DB
Page 319 and 320:
B.1.6 The “Company Employees” s
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Page 335 and 336:
C.4.1 IBM Optim Development Studio
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345:
Page 348 and 349:
Page 350 and 351:
Page 352 and 353:
Page 355 and 356:
E Appendix E - Options Files This a
Page 357 and 358:
Appendix E - Options files 357 comm
Page 359:
Appendix E - Options files 359 In b
Page 363 and 364:
Resources Web sites 1. pureQuery pl
show all

Getting Startedwith pureQuery

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?