I'm trying to do a query like this:

SELECT * from Employee where First_Name between 'AA' and 'AK'

I'm using the camel sql component and passing a parameter through the header like this:

Query: SELECT * from Employee where First_Name between :#headerParam

Param: AA' and 'AK

I know that Camel's SQL component adds single quotes to the beginning and end of the parameters, and I'm looping through the between params. Is there any way it won't remove the single quotes from my parameter?

Kenster
mariob
  • Why can't you do SELECT * from Employee where First_Name between :#headerParam1 and :#headerParam2? Is there a specific reason? – RamPrakash May 17 '16 at 20:52
  • I think Camel is using prepared statements, and one of the points of prepared statements is that you can't build up SQL queries via String concatenation: i.e. your parameters cannot contain SQL. I think you should separate the parameters as RamPrakash has suggested. – DavidS May 17 '16 at 20:53
  • Is it possible to double up the single quotes to escape characters? I know in SQL you can put two single quotes and it escapes the char. So AA'' and ''AK. I know nothing of camel sql, and this comes from knowledge of general SQL. Not sure it'll work but it may be worth a shot. – apollosoftware.org May 17 '16 at 21:02
  • But @RamPrakash is correct though, it should ideally be two parameters you pass, not two with an AND through a parameter. That's sorta funky. – apollosoftware.org May 17 '16 at 21:03
  • @mariob: If what you suggest worked, it would allow SQL injection. Ever thought about that? – Frank May 18 '16 at 08:20
  • Yes, I did use RamPrakash's suggestion to my solution and it works, I wanted to know if I could avoid having to declare 2 params, thanks everyone! – mariob May 18 '16 at 15:37

0 Answers
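The behaviour the comments describe (a bound parameter is always a value, never SQL text) can be reproduced outside Camel. The following is an added example, not part of the original thread and not Camel code: it uses Python's built-in `sqlite3` as a stand-in for any driver that uses prepared statements, with constructed sample rows. The `split_range` helper and its `..` separator are hypothetical, showing one way to carry both bounds in a single value and still bind two parameters.

```python
import sqlite3

# Constructed sample rows; table and column names follow the question.
NAMES = ["AA", "AB", "AK", "AL", "Bob", "AA' and 'AK"]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (First_Name TEXT)")
    conn.executemany("INSERT INTO Employee VALUES (?)", [(n,) for n in NAMES])
    return conn

def between_one_param(conn, value):
    """The question's approach: one placeholder meant to carry both bounds."""
    sql = "SELECT First_Name FROM Employee WHERE First_Name BETWEEN :p"
    try:
        return [r[0] for r in conn.execute(sql, {"p": value})]
    except sqlite3.Error as exc:
        # The statement is parsed before any value is bound, so it is
        # rejected as incomplete SQL whatever the value contains.
        return f"rejected: {type(exc).__name__}"

def between_two_params(conn, lo, hi):
    """One placeholder per bound; quotes inside a value stay plain data."""
    sql = ("SELECT First_Name FROM Employee "
           "WHERE First_Name BETWEEN :lo AND :hi ORDER BY First_Name")
    return [r[0] for r in conn.execute(sql, {"lo": lo, "hi": hi})]

def split_range(raw, sep=".."):
    """Hypothetical helper: accept 'AA..AK' as one value, bind it as two."""
    lo, found, hi = raw.partition(sep)
    if not found or not lo or not hi:
        raise ValueError(f"expected '<low>{sep}<high>', got {raw!r}")
    return lo, hi

if __name__ == "__main__":
    db = make_db()
    print(between_one_param(db, "AA' and 'AK"))
    print(between_two_params(db, *split_range("AA..AK")))
    # A quote-bearing value used as the lower bound is compared literally.
    print(between_two_params(db, "AA' and 'AK", "AK"))
```

The row `AA' and 'AK` appears in the two-parameter results only because it sorts between the bounds as an ordinary string.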