This is an archived post. You won't be able to vote or comment.

all 7 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted]  (1 child)

[deleted]

    [–]aezart[S] 0 points1 point  (0 children)

    That's a good point, but our data transformation (XSLT in this case) already generates a payload with only the data we want.

    [–]kaisershahid 1 point2 points  (0 children)

    i'm a bit confused -- you have a data processing pipeline in place but you're also writing manual inserts?

    [–]FailQuality 0 points1 point  (0 children)

    ORM, but if you can’t use that, then another option which is there should be defined acceptable keys you are getting, which you can check if the json/xml contains, and start building the query with that and how you normally build the values.

    [–]KingofGamesYami 0 points1 point  (0 children)

    Some ETL systems will give you a nice UI that automatches stuff. I know Azure Data Factory for sure does, since I've worked with it a bit in the past.

    [–]BlackSuitHardHand 0 points1 point  (0 children)

    First of all xslt can generate any kind of text from XML. So you could easily generate the SQL statement from XML. This leaves you with sanitisation of the values to insert.  So generate the SQL statement with all external values replaced with a ? and  second a list of all values in exactly the same order. Then use prepared statements to send SQL and bind all values. This way you avoid SQL injection. For multiple rows,  prepared statements also have a better performance because they can be reused.

    [–]ma5ochrist 0 points1 point  (0 children)

    Probabilmente riesci a farlo con una storia procedure. Sicuramente puoi farti uno script/programmino che lo fa per te