I have seen some Talend Open Studio tutorials and documentation speaking about SQL query building. In them, the advice was to build the query using concatenation like:
"Select id, name, phone from customers where id=" + (String)globalMap.get("_tcomponent_var")
to parametrize the query. I really don't like this way of building queries. I would like to know if there is a way to parametrize queries inside Talend components like in ADO.NET or JDBC, where you put special variables inside the query string and then add the values of these variables as parameters.
How can I achieve this using Talend?
I'm afraid of security issues (SQL injection) and I believe building strings by concatenation is a bad practice.
OK, I found the answer myself. There are components named tXxxRow (tMysqlRow, tMSSqlRow, etc.) that have an advanced configuration where you can set the PreparedStatement.
It is sad that the tXxxInput components don't have this option.
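To make the difference concrete, here is an added Java example (not code from the question or answer above, and not Talend-generated code) showing the concatenated query from the question beside the JDBC PreparedStatement form that the tXxxRow components' prepared-statement option corresponds to. The class name, the `tcomponent_var` key, the `customers` table, and the JDBC URL and credentials are assumptions for illustration; a JDBC driver for the target database must be on the classpath for `main` to run.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;

public class CustomerLookup {

    // The pattern from the tutorials: the globalMap value is spliced into the SQL text.
    // Nothing escapes or type-checks the value, so an input such as "1 OR 1=1"
    // becomes part of the statement and changes what the query returns.
    static String concatenatedQuery(Map<String, Object> globalMap) {
        return "SELECT id, name, phone FROM customers WHERE id="
                + (String) globalMap.get("tcomponent_var");
    }

    // Parameterised form: the SQL text is fixed and contains a '?' placeholder.
    // The value is bound separately with a typed setter, so it is always data, never SQL.
    static final String PARAM_QUERY = "SELECT id, name, phone FROM customers WHERE id = ?";

    // Runs the parameterised query and returns the rows as CSV lines.
    static String lookup(Connection conn, Map<String, Object> globalMap) throws SQLException {
        // Convert explicitly: a non-numeric input fails here with NumberFormatException
        // instead of being handed to the database as part of the statement.
        int customerId = Integer.parseInt((String) globalMap.get("tcomponent_var"));
        try (PreparedStatement ps = conn.prepareStatement(PARAM_QUERY)) {
            ps.setInt(1, customerId);
            try (ResultSet rs = ps.executeQuery()) {
                StringBuilder out = new StringBuilder();
                while (rs.next()) {
                    out.append(rs.getInt("id")).append(',')
                       .append(rs.getString("name")).append(',')
                       .append(rs.getString("phone")).append('\n');
                }
                return out.toString();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed globalMap standing in for the one a Talend job populates
        Map<String, Object> globalMap = new HashMap<>();
        globalMap.put("tcomponent_var", "42");

        // Show the concatenated text the tutorials would produce
        System.out.println(concatenatedQuery(globalMap));

        // Placeholder connection details; replace with the real ones before running
        String url = args.length > 0 ? args[0] : "jdbc:mysql://localhost:3306/shop";
        try (Connection conn = DriverManager.getConnection(url, "user", "password")) {
            System.out.print(lookup(conn, globalMap));
        }
    }
}
```

The placeholder-plus-setter pair (`?` in the SQL, `ps.setInt(1, ...)` in code) is the same mapping you fill in when a tXxxRow component's advanced settings ask for a parameter index, type and value: the component writes the SQL once and binds each value by position, so the query text never depends on the content of `globalMap`.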