Programmatically building SQL query - google-cloud-platform

I’d like to automatically build up a SQL query based on some strings passed in by my users. Are there any helper methods for doing that in the Cloud Spanner APIs?

We strongly recommend that you not generate textual SQL based on untrusted user input. It’s much easier and safer to use bound parameters, which help you avoid SQL injection attacks.

Related

Accessing a database with a different programming language

I built an app in Django, and have a script I wrote in Java that I'd like to use on the data from the Postgres database.
I understand I can simply run a raw SQL query with the data in Java, but would it be more efficient to create ORM models with Java to access and process the data?
More generally, if I mainly use a database with one framework, but need to access the data with another language or outside of the framework, should I build models with an ORM or use raw SQL?
That is up to you; there is no one-size-fits-all solution for this. Because you cannot directly work with the whole Django framework, you will have to create and maintain the database interface in your other language.
but need to access the data with another language or outside of the framework
Depending on the proportion of data you need to access, you may consider creating and communicating with an API instead, for instance using Django REST Framework. If your Django app is, and will remain the core of what works with the data in this database, this is probably the most sensible way to deal with interfacing to that data from other languages and environments.

GraphQL Dynamic Query SQL Injection

Question about GraphQL and its vulnerability to SQL injections. Say I have some dynamic search being performed, where a user enters text into a field, and I use this as a parameter to a graphQL search.
So, I end up with something like this:
{
  data {
    location: user_input
  }
}
where user_input is a variable specified by the user.
Now, say a user were to try and enter some malevolent code here, to wipe the database or something along those lines (i.e. a 1=1 attack). Would this work here? Does GraphQL simply translate the queries into SQL and thus could this be dangerous? Or will GraphQL prevent such things from happening?
Thank you
GraphQL is a query language. From the spec:
GraphQL is a query language designed to build client applications by providing an intuitive and flexible syntax and system for describing their data requirements and interactions... GraphQL is not a programming language capable of arbitrary computation, but is instead a language used to query application servers that have capabilities defined in this specification. GraphQL does not mandate a particular programming language or storage system for application servers that implement it.
GraphQL is agnostic about the underlying data layer. It can be used with a SQL database, but it could also be used with a NoSQL database, an in-memory key-value store, a file system, etc.
Whether a particular GraphQL service is vulnerable to SQL injection ultimately depends on how that service was implemented. The fact that it's a GraphQL service doesn't really factor into it.
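As an added example (not from either answer above, and not Cloud Spanner's or any GraphQL library's own code), the following Python script uses an in-memory SQLite table so it runs offline. It shows the string-built query that the Cloud Spanner answer warns against, the bound-parameter version it recommends, and a stand-in for a GraphQL resolver that makes the GraphQL answer's point concrete: the resolver just forwards the argument, so whether `' OR 1=1 --` returns every row depends only on how the resolver builds its SQL. The users table, its rows and the resolve_location function are constructed for this example; Cloud Spanner's client libraries express the same bound parameter as a named placeholder such as @location rather than SQLite's `?`.

```python
import sqlite3

# Constructed sample data standing in for the application's table.
SAMPLE_ROWS = [
    (1, "alice", "Berlin"),
    (2, "bob", "Paris"),
    (3, "carol", "Berlin"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, location TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def search_unsafe(conn: sqlite3.Connection, location: str) -> list:
    """VULNERABLE: the user-supplied string is spliced into the SQL text.

    Input "' OR 1=1 --" turns the WHERE clause into
        WHERE location = '' OR 1=1 --'
    and every row comes back.
    """
    sql = "SELECT id, name FROM users WHERE location = '%s'" % location
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, location: str) -> list:
    """Bound parameter: the value is sent separately and never becomes SQL text.

    The same input is compared literally against the column, so no row matches.
    """
    sql = "SELECT id, name FROM users WHERE location = ?"
    return conn.execute(sql, (location,)).fetchall()


def resolve_location(conn: sqlite3.Connection, args: dict, safe: bool) -> list:
    """Hypothetical GraphQL resolver: receives {"location": "..."} parsed from the query.

    GraphQL itself does nothing to the string; it reaches the database exactly as
    the client sent it. Only the resolver's choice of query-building style matters.
    """
    query = search_safe if safe else search_unsafe
    return query(conn, args["location"])


if __name__ == "__main__":
    db = make_db()
    payload = {"location": "' OR 1=1 --"}
    print("unsafe resolver:", resolve_location(db, payload, safe=False))
    print("safe resolver:  ", resolve_location(db, payload, safe=True))
```

The "wipe the database" variant from the question (a payload ending in `; DROP TABLE users; --`) additionally depends on whether the driver accepts stacked statements; sqlite3's execute() rejects more than one statement per call, which is a property of that driver, not of GraphQL, and bound parameters close the hole regardless.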

Cloud Spanner read vs Cloud Spanner SQL API

There are two different APIs provided by Cloud Spanner. What’s the difference between Cloud Spanner read vs Cloud Spanner SQL API?
Under the hood, they both use the same execution machinery, so you should see very similar performance for both APIs.
The SQL API is more expressive, since it supports constructs like ORDER BY, LIMIT, filtering, etc. But in some cases the Read API can be simpler to use, for example if you're just doing a simple range scan on a table with a multi-column primary key and you want to see all rows with primary key greater than ("A","B","C") and less than ("X","Y","Z").
If you have any doubt about which API to use, I would recommend using the query (SQL) API, as it can grow with you as you realize your simple request actually increases in complexity as your application changes organically over time. You need to add an extra selection condition? That is no problem with the SQL API. You actually need to change the ordering of your result set? That is also easy.

File based database for C++

I want to use a database in my application, but it should not be a server-based database (like MySQL). Are there any file-based database systems for C++? It would be better if you can suggest a non-relational database, like an XML file-based one ...
Why, yes, there is. Try SQLite.
You can try this:
ZWinSQL
This C++ library provides a thin wrapper to use D. R. Hipp's SQLite, which is a single-file-based SQL database. ZWinSql does not do much more than allow you to create, modify and query a database, contained in a single, local file, using standard SQL commands.
I'm not sure what you mean by file-based database. For example, Informix and MySQL keep their data in files.
However, you mentioned non-relational database, so I suggest you start with couchdb or mongoDB.
SQLite is an excellent relational database and, if you are already used to SQL, would be a very good choice IMHO. I have not yet ventured into any production code with a non-relational database, but just looking at key structure makes me realize a lot of thinking above and beyond regular SQL database table design would be involved before I'd feel safe just throwing data into a non-relational database.
If you are not looking for a relational database, maybe http://soprano.sourceforge.net is something that might suit you. It can be set up to work with local files directly.

XCelsius using ZOHO webservice

I need to make a dashboard application using data from http://www.projects.zoho.com
It is a project management site.
ZOHO provides data about projects by APIs available at http://www.zoho.com/projects/developers/projects-api.html
So can I use XCelsius engage to make my dashboard?
Is it feasible & advisable?
Also tell me if any other tool like XCelsius is more suitable for me.
Expecting satisfactory answers.
This shouldn't be a problem as long as the results returned via XML aren't too complex. Unfortunately Xcelsius has a hard time dealing with nested XML tags of more than a few levels so it is best to ensure that you try to conform data to a table structure. Taking this into consideration depending on complexity you may or may not have to massage data received from ZOHO prior to loading it into Xcelsius.
You also need to be mindful of flash domain security practices if you are not already aware of them.