QueryMacro.java
/***************************************************************************
Copyright 2012 Emily Estes
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
***************************************************************************/
package net.metanotion.sqlc;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;
import net.metanotion.sqlc.setters.SQLSetter;
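/** This expression dynamically creates a SQL statement by replacing parameterized strings in the statement itself.
	The statement text is the concatenation of whatever each {@link SQLElement#getRawSQL} call returns for the
	current environment; the result is then prepared, its parameters are bound by the setters, and it is executed.
	<b>NOTE:</b> This macro builder allows for SQL injections because it is designed to build a SQL statement from raw
	unsanitized strings. Text returned by the SQL elements is appended verbatim and is NOT escaped or bound, so any
	environment value that can reach an element must come from a trusted source or be checked against an allow-list
	(for example of permitted table or column names) before evaluation. Pass data values through the setters, which
	bind them as prepared statement parameters, rather than through the SQL elements.
*/
public final class QueryMacro implements QueryExpr<ResultSet> {
	/** The setters applied, in iteration order, to the prepared statement before it is executed. */
	public final Iterable<SQLSetter> setters;
	/** The elements whose raw SQL text is concatenated, in iteration order, to form the statement. */
	public final Iterable<SQLElement> statement;

	/** Create a new query macro that builds a SQL statement from the elements and sets its parameters with the
		setters.
		@param setters The list of setters to populate the parameters of the query.
		@param statement The list of SQL elements to build the query.
	*/
	public QueryMacro(final Iterable<SQLSetter> setters, final Iterable<SQLElement> statement) {
		this.setters = setters;
		this.statement = statement;
	}

	/** Build the SQL text from the elements, bind the parameters and run the query.
		The caller owns the returned result set and must close it; the underlying statement is registered with
		{@link PreparedStatement#closeOnCompletion} so it is released when that result set is closed (this needs a
		JDBC 4.1 or later driver).
		@param conn The connection used to prepare and execute the statement.
		@param env The environment handed to every SQL element and every setter.
		@return The open result set produced by the query.
		@throws SQLException If preparing, binding or executing the statement fails; the statement is closed
			before the exception propagates.
	*/
	@Override public ResultSet eval(final Connection conn, final Map<String,Object> env) throws SQLException {
		// SECURITY: raw concatenation by design - see the class note. Nothing appended here is escaped.
		final StringBuilder sql = new StringBuilder();
		for(final SQLElement e: statement) { sql.append(e.getRawSQL(env)); }
		// Deliberately not try-with-resources: closing a statement also closes its result set, so closing it
		// here would hand the caller a result set that is already closed.
		final PreparedStatement stmt = conn.prepareStatement(sql.toString());
		try {
			for(final SQLSetter s: setters) { s.set(stmt, env); }
			stmt.closeOnCompletion();
			return stmt.executeQuery();
		} catch (final SQLException | RuntimeException ex) {
			// Nothing was handed to the caller, so release the statement here and keep the original failure.
			try {
				stmt.close();
			} catch (final SQLException closeFailure) {
				ex.addSuppressed(closeFailure);
			}
			throw ex;
		}
	}
}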