Skip to content

SQLReader getDataframe by table name#18

Merged
AuPath merged 4 commits intomainfrom
feat-sql-dataframe-from-table-name
Jun 25, 2024
Merged

SQLReader getDataframe by table name#18
AuPath merged 4 commits intomainfrom
feat-sql-dataframe-from-table-name

Conversation

@AuPath
Copy link
Collaborator

@AuPath AuPath commented Apr 9, 2024

Also implemented for debugQuery function. Has been tested with the r2rml examples. Closes #17.

feat: SQLReader getDataframe by table name
30aa01a 
Also implemented for debugQuery function.
@AuPath AuPath self-assigned this Apr 9, 2024
@AuPath AuPath requested a review from marioscrock April 9, 2024 10:22
marioscrock
marioscrock requested changes Apr 10, 2024
View reviewed changes
src/main/java/com/cefriel/template/io/sql/SQLReader.java Outdated

return dataframe;
else {
String q = "SELECT * FROM " + query;
Copy link
Member

@marioscrock marioscrock Apr 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PreparedStatement should be initialised with ? for the table name, then setString should be invoked to add the table name

Copy link
Collaborator Author

@AuPath AuPath Apr 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This apparently cannot be done for table names.
https://stackoverflow.com/questions/11312155/how-to-use-a-tablename-variable-for-a-java-prepared-statement-insert

Copy link
Collaborator Author

@AuPath AuPath Apr 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A reasonable thing to do might be to:

  1. Retrieve all table names from the db connection
  2. Check that the user submitted table name matches a table from the db
  3. Signal an error if not

Copy link
Member

@marioscrock marioscrock Apr 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good idea! Maybe this can be done in the SQLReader constructor storing the list of tables as a private variable. In any case, we can create a separate issue for this problem mentioning also other security concerns due to the fact that a custom SQL query can be provided

@AuPath AuPath requested a review from marioscrock April 10, 2024 08:53
marioscrock
marioscrock requested changes Apr 11, 2024
View reviewed changes
@AuPath AuPath merged commit 12c6918 into main Jun 25, 2024
@AuPath AuPath deleted the feat-sql-dataframe-from-table-name branch June 25, 2024 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marioscrock marioscrock marioscrock requested changes

Assignees

@AuPath AuPath

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add method to get Dataframe from a SQL Table

2 participants

@AuPath @marioscrock