Dynamic Queries:
To get rid of SQL Injection, we need to parameterize the "where" clause in our SQL query. What do we need to do when we don't only need to parameterize the "where" clause but also parts of the query? In Mule 3, we can't achieve this as in Mule 4 from the DB connector drop down. We need to select that we are using Dynamic query or parameterized. You have to choose between having a dynamic query and parameterized. In Mule 4 DB connector, we can use parameterized "where" clause and parts of the query simultaneously. In this example, you can see how a full expression is used to produce the query by building a string in which the table depends on a variable. An important thing to notice is that although the query text is dynamic, it is still using input parameters:
No comments:
Post a Comment