Re: Avoiding SQL Injection in Spark SQL

2015-09-15 Thread V Dineshkumar
Hi, I was looking for the support of bind variables as Ruslan pointed out. I came around with a different workaround as we cannot use dataframes in our project, we are more dependent on using the SQL queries. val HC=new HiveContext(sc) val query=HC.sql("select * from eici_view where customername='_

Re: Avoiding SQL Injection in Spark SQL

2015-09-10 Thread Ruslan Dautkhanov
Using dataframe API is a good workaround. Another way would be to use bind variables. I don't think Spark SQL supports them. That's what Dinesh probably meant by "was not able to find any API for preparing the SQL statement safely avoiding injection". E.g. val sql_handler = sqlContext.sql("SELEC

Re: Avoiding SQL Injection in Spark SQL

2015-09-10 Thread Michael Armbrust
Either that or use the DataFrame API, which directly constructs query plans and thus doesn't suffer from injection attacks (and runs on the same execution engine). On Thu, Sep 10, 2015 at 12:10 AM, Sean Owen wrote: > I don't think this is Spark-specific. Mostly you need to escape / > quote user-

Re: Avoiding SQL Injection in Spark SQL

2015-09-10 Thread Sean Owen
I don't think this is Spark-specific. Mostly you need to escape / quote user-supplied values as with any SQL engine. On Thu, Sep 10, 2015 at 7:32 AM, V Dineshkumar wrote: > Hi, > > What is the preferred way of avoiding SQL Injection while using Spark SQL? > In our use case we have to take the par

Avoiding SQL Injection in Spark SQL

2015-09-09 Thread V Dineshkumar
Hi, What is the preferred way of avoiding SQL Injection while using Spark SQL? In our use case we have to take the parameters directly from the users and prepare the SQL Statement. I was not able to find any API for preparing the SQL statement safely avoiding injection. Thanks, Dinesh Philips Indi
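The two patterns the thread contrasts, as an added Scala example that is not code from any of the posters: the string-built query Dinesh describes beside the DataFrame-API form Michael recommends. It assumes Spark 1.x with a HiveContext and a table named eici_view as in Dinesh's snippet; the user input is constructed.

```scala
// Added example, not from the mailing-list thread.
// Assumes Spark 1.x (HiveContext) and an existing table eici_view.
import org.apache.spark.{SparkConf, SparkContext}
import org.apache.spark.sql.hive.HiveContext
import org.apache.spark.sql.functions.col

object SparkSqlInjectionDemo {
  def main(args: Array[String]): Unit = {
    val sc = new SparkContext(new SparkConf().setAppName("injection-demo"))
    val hc = new HiveContext(sc)

    // Constructed user input: the single quote closes the string literal,
    // so the rest of the input is parsed as SQL rather than as a value.
    val userInput = "acme' or '1'='1"

    // Pattern the thread warns about: the value is spliced into SQL text.
    // The parser sees   where customername='acme' or '1'='1'   and the
    // WHERE clause no longer filters anything.
    val unsafeSql = s"select * from eici_view where customername='$userInput'"
    // hc.sql(unsafeSql)   // would return every row of eici_view

    // DataFrame API: the value becomes a literal node in the query plan and
    // is never run through the SQL parser, whatever characters it contains.
    val safe = hc.table("eici_view").filter(col("customername") === userInput)
    safe.explain()   // the plan shows the whole input as one literal
    safe.show()

    sc.stop()
  }
}
```

If the rest of the job must stay in SQL text, the filtered DataFrame can be registered as a temporary table and the remaining query written against that, so the user-supplied value still never reaches the parser.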