Re: Preventing SPARQL injection

From: Angelo Veltens <angelo.veltens@online.de>
Date: Thu, 08 Apr 2010 11:26:33 +0200
Message-ID: <4BBDA149.30207@online.de>
To: Damian Steer <d.steer@bristol.ac.uk>
CC: 'Linked Data community' <public-lod@w3.org>, jena-dev@yahoogroups.com

Damian Steer wrote:
> Use the QueryExecutionFactory methods that accept an initial binding: [1]
> 
> Query q = QueryFactory.create("select * { ?s ?p ?o }");
> 
> QuerySolutionMap qs = new QuerySolutionMap();
> qs.add("s", resource); // bind resource to s
> 
> QueryExecution qe = QueryExecutionFactory.create(q, dataset, qs);
> 
> That's much safer and easier than messing with query strings.

Thank you very much! This was exactly what I was looking for. Didn't
find anything about it in the Jena docs, but works fine now.

Kind regards,
Angelo
Received on Thursday, 8 April 2010 09:28:26 UTC
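
Added example, not part of the original thread or of Jena's own code: the string-built query next to the initial-binding form recommended above, run over the same in-memory model with an ordinary and a malformed input. It assumes Apache Jena 3.x on the classpath (org.apache.jena packages; the 2010 releases used com.hp.hpl.jena); the class name, method names, namespace and data are constructed for illustration.

```java
import org.apache.jena.query.*;
import org.apache.jena.rdf.model.*;

public class InitialBindingDemo {
    static final String NS = "http://example.org/";  // constructed namespace

    // Constructed data: alice has one triple, bob has two.
    static Model sampleModel() {
        Model m = ModelFactory.createDefaultModel();
        Property name = m.createProperty(NS, "name");
        m.createResource(NS + "alice").addProperty(name, "Alice");
        m.createResource(NS + "bob").addProperty(name, "Bob")
                .addProperty(m.createProperty(NS, "phone"), "555-0100");
        return m;
    }

    // Before: the input is pasted into the query text, so it is parsed as SPARQL.
    static int rowsByConcatenation(Model m, String uri) {
        Query q = QueryFactory.create("SELECT ?p ?o WHERE { <" + uri + "> ?p ?o }");
        return countRows(QueryExecutionFactory.create(q, m));
    }

    // After: constant query text; the input only ever becomes the value of ?s.
    static int rowsByBinding(Model m, String uri) {
        Query q = QueryFactory.create("SELECT ?p ?o WHERE { ?s ?p ?o }");
        QuerySolutionMap qs = new QuerySolutionMap();
        qs.add("s", m.createResource(uri));  // bind resource to s
        return countRows(QueryExecutionFactory.create(q, m, qs));
    }

    static int countRows(QueryExecution qe) {
        try {
            ResultSet rs = qe.execSelect();
            int n = 0;
            while (rs.hasNext()) { rs.next(); n++; }
            return n;
        } finally {
            qe.close();
        }
    }

    public static void main(String[] args) {
        Model m = sampleModel();
        String honest = NS + "alice";
        // Constructed malformed input: closes the IRI and appends its own pattern.
        String hostile = NS + "alice> ?p0 ?o0 . ?x ?p ?o } #";
        for (String in : new String[] { honest, hostile }) {
            System.out.println("concatenation: " + rowsByConcatenation(m, in)
                    + " rows, binding: " + rowsByBinding(m, in) + " rows");
        }
    }
}
```

With the malformed input the concatenated query is parsed with an extra triple pattern and returns rows about bob as well, while the bound query treats the whole string as one resource name that matches nothing.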
