Author: shawkins
Date: 2011-11-04 10:57:30 -0400 (Fri, 04 Nov 2011)
New Revision: 3613
Modified:
trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml
Log:
TEIID-669 refining escaping
Modified: trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml
===================================================================
---
trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml 2011-11-04
12:11:35 UTC (rev 3612)
+++
trunk/documentation/reference/src/main/docbook/en-US/content/translators.xml 2011-11-04
14:57:30 UTC (rev 3613)
@@ -527,11 +527,11 @@
"SELECT c FROM y" would generate the SQL query "SELECT c FROM
(select c from g) as x". Note that the column names in the native query must match
the nameInSource of the physical table columns for the resulting SQL
to be valid.</para>
<para>For physical procedures you may also set the teiid:native-query
extension metadata to a desired query string with the added ability to positionally
reference IN parameters. A parameter reference has the form
- $integer, e.g. $1. Note that 1 based indexing is used and that only IN
parameters may be referenced. Dollar-sign ($) is reserved in physical procedure native
queries. To use a $ directly, it must be escaped with another $, e.g. $$.
+ $integer, e.g. $1. Note that 1 based indexing is used and that only IN
parameters may be referenced. Dollar-sign integer is reserved in physical procedure
native queries. To use a $integer directly, it must be escaped with another $, e.g. $$1.
By default bind values will be used for parameter values. In some situations
you may wish to bind values directly into the resulting SQL. The teiid:non-prepared
extension metadata property may be set to false to turn off
parameter binding. Note this option should be used with caution as inbound may
allow for SQL injection attacks if not properly validated. The native query does not need
to call a stored procedure. Any SQL that returns
- a result set positionally matching the result set expected by the physical
stored procedure metadata will work. For example on a stored procedure x with
teiid:native-query=select c from g where c1 = $1 and c2 = '$$', the Teiid source
query
- "CALL x(?)" would generate the SQL query "select c from g where
c1 = ? and c2 = '$'". Note that ? in this example will be replaced with the
actual value bound to parameter 1.
+ a result set positionally matching the result set expected by the physical
stored procedure metadata will work. For example on a stored procedure x with
teiid:native-query=select c from g where c1 = $1 and c2 = '$$1', the Teiid source
query
+ "CALL x(?)" would generate the SQL query "select c from g where
c1 = ? and c2 = '$1'". Note that ? in this example will be replaced with the
actual value bound to parameter 1.
</para>
</section>
Show replies by date