[
https://issues.apache.org/jira/browse/HIVE-20551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626595#comment-16626595
]
Sergey Shelukhin commented on HIVE-20551:
-----------------------------------------
-1 this patch for ints is unnecessary and probably introduces some overhead.
It's impossible to do string injection via an integer. Can this be removed from
integral type lists?
> Create PreparedStatement query dynamically when IN clause is used
> -----------------------------------------------------------------
>
> Key: HIVE-20551
> URL: https://issues.apache.org/jira/browse/HIVE-20551
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Reporter: Laszlo Pinter
> Assignee: Laszlo Pinter
> Priority: Major
> Attachments: HIVE-20551.01.patch, HIVE-20551.02.patch,
> HIVE-20551.03.patch, HIVE-20551.04.patch, HIVE-20551.05.patch,
> HIVE-20551.06.patch, HIVE-20551.07.patch
>
>
> In the MetaStoreDirectSql class when IN clause is used, the query statement
> is created via string concatenation.
> Since JDBC API allows only one literal for one “?” parameter,
> PreparedStatement doesn’t work for IN clause queries. To create the
> PreparedStatement query dynamically based on the size of the elements in IN
> clause, the makeParams() should be used instead of concatenation.