Convert string to ORecordId in server side function

19 views
Skip to first unread message

Avi Kessler

unread,
Jun 30, 2021, 1:34:25 PM6/30/21
to OrientDB

Hi ,
We are experimenting with OrientDB for a POC project. We want to implement a simple search server-side function.

The plan is to receive an array of strings as an input parameter, pass it to the query and return the result (to prevent sql injection)

Here is a snippet of our server side function

var ids = (idsInput) ? JSON.parse(idsInput) : null; // ids will be an array of string like ["#75:0"]
var g = orient.getDatabase();
var sql = "select * from Article where in() CONTAINS ?";
return g.query(sql, ids);

The issue is that "CONTAINS" condition dose not work with array of strings.

select * from Article where in() CONTAINS [#75:0] // works
select * from Article where in() CONTAINS ["#75:0"] // dose not work !

The way we see it we have two options :

  1. convert the ids to array of ORecordId
  2. change the query so the "in()" section will be converted to an array of strings

We didnt able to do it in either way.
Is there a way to do one of the Items or a third way to solve this ?

Many thanks in advance.

Reply all
Reply to author
Forward
0 new messages