Re: Preventing SPARQL injection

Damian Steer wrote:
> Use the QueryExecutionFactory methods that accept an initial binding: [1]
> 
> Query q = QueryFactory.create("select * { ?s ?p ?o }");
> 
> QuerySolutionMap qs = new QuerySolutionMap();
> qs.add("s", resource); // bind resource to s
> 
> QueryExecution qe = QueryExecutionFactory.create(q, dataset, qs);
> 
> That's much safer and easier than messing with query strings.

Thank you very much! This was exactly what I was looking for. Didn't
find anything about it in the Jena docs, but works fine now.

Kind regards,
Angelo

Received on Thursday, 8 April 2010 09:28:26 UTC
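
The difference between the two approaches discussed in this thread, as an added example that is not part of the original messages: the same untrusted value is first concatenated into the query text and then passed as an initial binding. It assumes the Jena 3.x package names (`org.apache.jena.*`; releases from the time of this thread used `com.hp.hpl.jena.*`); the `http://example.org/` vocabulary, the sample data and the input string are constructed for illustration.

```java
import org.apache.jena.query.*;
import org.apache.jena.rdf.model.*;

public class InitialBindingDemo {
    static final String NAME = "http://example.org/name"; // constructed vocabulary

    // Runs a SELECT and counts its rows; qs == null means "no initial binding".
    static int count(String sparql, Dataset ds, QuerySolutionMap qs) {
        Query q = QueryFactory.create(sparql);
        try (QueryExecution qe = (qs == null)
                ? QueryExecutionFactory.create(q, ds)
                : QueryExecutionFactory.create(q, ds, qs)) {
            ResultSet rs = qe.execSelect();
            int n = 0;
            while (rs.hasNext()) { rs.next(); n++; }
            return n;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: two resources, each with one name.
        Model m = ModelFactory.createDefaultModel();
        Property name = m.createProperty(NAME);
        m.add(m.createResource("http://example.org/alice"), name, "alice");
        m.add(m.createResource("http://example.org/bob"), name, "bob");
        Dataset ds = DatasetFactory.create(m);

        // Constructed untrusted input: closes the string literal, appends a tautology.
        String input = "nobody\" || \"1\" = \"1";

        // Concatenation: the input is parsed as part of the FILTER expression,
        // so the condition holds for every name in the data.
        String unsafe = "SELECT ?s WHERE { ?s <" + NAME + "> ?name . "
                + "FILTER(?name = \"" + input + "\") }";
        System.out.println("concatenated:    " + count(unsafe, ds, null) + " rows");

        // Initial binding: the query text is fixed; the input is only ever a
        // literal value for ?name and matches no name in the data.
        String fixed = "SELECT ?s WHERE { ?s <" + NAME + "> ?name }";
        QuerySolutionMap qs = new QuerySolutionMap();
        qs.add("name", ResourceFactory.createPlainLiteral(input));
        System.out.println("initial binding: " + count(fixed, ds, qs) + " rows");
    }
}
```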