简体   繁体   中英

What is the preferred way to avoid SQL injections in Spark-SQL (on Hive)

Assume a SchemaRDD rdd with a registered table customer . You want to filter out records according to a user input. One idea you might have how to do this is the following:

rdd.sqlContext.sql(s"SELECT * FROM customer WHERE name='$userInput'")

However, since the old days of PHP we know that this can lead to nasty things. Is there an equivalent of PreparedStatement? The only thing I could find that looked remotely relevant is org.apache.commons.lang.StringEscapeUtils.escapeSql .

一种选择是使用thriftserver来公开jdbc ,然后可以使用常规技术(PreparedStatement等)来防止sql注入。

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM