scala - What is the preferred way to avoid SQL injections in Spark-SQL (on Hive)

Question

Welcome To Ask or Share your Answers For Others

scala - What is the preferred way to avoid SQL injections in Spark-SQL (on Hive)

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

scala - What is the preferred way to avoid SQL injections in Spark-SQL (on Hive)

Assume a SchemaRDD rdd with a registered table customer. You want to filter out records according to a user input. One idea you might have how to do this is the following:

rdd.sqlContext.sql(s"SELECT * FROM customer WHERE name='$userInput'")

However, since the old days of PHP we know that this can lead to nasty things. Is there an equivalent of PreparedStatement? The only thing I could find that looked remotely relevant is org.apache.commons.lang.StringEscapeUtils.escapeSql.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T18:21:39+0000

One option would be to use the thriftserver to expose jdbc, and then the usual techniques could be used (PreparedStatement etc.) to prevent sql injection.

Categories

scala - What is the preferred way to avoid SQL injections in Spark-SQL (on Hive)

scala - What is the preferred way to avoid SQL injections in Spark-SQL (on Hive)

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags