Registered 14 years 35 days
Daniel 450 Tuesday, 6 December 2022, 08:32 AM
SQL Prepare Statements in JS
Hello,

I saw in the SDK three ways to do SQL commands.
1) via C++
2) via JS client-side framework
3) via JS library for App Services

Regarding 1): we see that SQL prepared statements can be used.
Regarding 2): we assume that it is solved by prepared statements, but we didn't check it.
Regarding 3): we didn't see anything indicating that it is possible to use an SQL prepared statement, so that the SQL command and the dynamic parts (values) could be separated for better prevention of SQL injections.

I hope there is a way to use SQL prepared statements in JS App Services as well, and that you could show me an example solution for that.
Andreas Fink
Moderator Registered 12 years 278 days
Andreas Fink (innovaphone) Wednesday, 7 December 2022, 12:26 PM
1 of 1 users consider this post helpful
Re: SQL Prepare Statements in JS
Hello Daniel,

For 1) and 2) you are correct - prepared statements are possible.

Also for 3), you can use PREPARE and EXECUTE statements as the exec function parameter.

The only existing drawback for 3): no binary parameter transfer is available. This may affect performance in high-load applications.

We are reviewing the possibility to implement additional functions for the Database object of the JavaScript library for App Services, in order to support binary parameter transfer.

Best Regards
Andreas Fink
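Added example, not part of the original posts and not innovaphone SDK code: without binary parameter transfer, the arguments of an EXECUTE statement are still written into the SQL text, so each value has to be rendered as a safely quoted literal before the string is passed as the exec function parameter. The helper names (`sqlLiteral`, `prepareSql`, `executeSql`), the `users` table and a PostgreSQL-compatible backend are assumptions.

```javascript
// Added example: helper names are hypothetical, not innovaphone SDK functions.
// Assumes a PostgreSQL-compatible backend (E'' string syntax, $1-style parameters).

var NAME_RE = /^[a-z_][a-z0-9_]*$/;   // statement names: plain identifiers only
var TYPE_RE = /^[a-z][a-z0-9_ ]*$/;   // e.g. "text", "integer", "double precision"

function checkName(name) {
    if (typeof name !== "string" || !NAME_RE.test(name)) throw new TypeError("bad statement name");
    return name;
}

// Render one JS value as a SQL literal for a text-mode EXECUTE.
function sqlLiteral(v) {
    if (v === null || v === undefined) return "NULL";
    if (typeof v === "boolean") return v ? "TRUE" : "FALSE";
    if (typeof v === "number") {
        if (!isFinite(v)) throw new TypeError("non-finite number");
        return String(v);
    }
    if (typeof v !== "string") throw new TypeError("unsupported parameter type");
    if (v.indexOf("\u0000") !== -1) throw new TypeError("NUL byte in string");
    // E'' form: backslashes and single quotes are doubled, so the value cannot end the literal
    return "E'" + v.replace(/\\/g, "\\\\").replace(/'/g, "''") + "'";
}

// PREPARE text: static SQL only; values appear solely as $1, $2, ...
function prepareSql(name, types, body) {
    types.forEach(function (t) {
        if (typeof t !== "string" || !TYPE_RE.test(t)) throw new TypeError("bad parameter type");
    });
    var sig = types.length ? " (" + types.join(", ") + ")" : "";
    return "PREPARE " + checkName(name) + sig + " AS " + body;
}

// EXECUTE text: every value passes through sqlLiteral, never raw concatenation.
function executeSql(name, params) {
    var args = params.length ? "(" + params.map(sqlLiteral).join(", ") + ")" : "";
    return "EXECUTE " + checkName(name) + args;
}

// Constructed sample input; pass each resulting string as the exec function parameter.
var PREPARE_STMT = prepareSql("get_user", ["text", "integer"],
    "SELECT id FROM users WHERE name = $1 AND age > $2");
var EXECUTE_STMT = executeSql("get_user", ["O'Brien\\", 42]);
```

The sample value ends in a backslash and contains a quote, the two characters that would otherwise let a string value close its literal early.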