public interface Query
Object for executing a query against a Stardog database.
Usage:
Query q = c.query("some sparql query");
q.parameter("foo", 12);
q.parameter("bar", false);
q.parameter("subj", s);
q.offset(10);
q.limit(250);
// run it
TupleQueryResult r = q.executeSelect();
while (r.hasNext()) {
    // do awesome things...
    r.next();
}
// always close your query result sets!
r.close();
To avoid most types of SPARQL injection attacks, it is recommended that any parameterization of queries
be handled through the various parameter methods rather than by concatenating user input into the
query string. These methods safely handle escaping and insertion of the provided value into the query
while also providing type safety.
For example the query:
String aName = // some value
String aStr = "select * where { ?s rdf:type foaf:Person. ?s foaf:name \""+aName+"\". }";
In the best case, where the value of aName is valid, you will be fine. But if aName is pulled from
user input, the user could provide the string:
John Doe". ?s private:ssn ?ssn . ?s private:bankAccountNum ?bn. } #
It would yield the query:
select * where { ?s rdf:type foaf:Person. ?s foaf:name "John Doe". ?s private:ssn ?ssn . ?s private:bankAccountNum ?bn. } #". }
Note here that everything after the # is commented out, thus giving the user the ability to select both the person's SSN & bank account number.
If the parameter(String, String) method were used instead, by invoking Query.parameter("n", aName) with the original query
select * where { ?s rdf:type foaf:Person. ?s foaf:name ?n. } and the malicious input, you would end up with an incorrect but innocuous query:
select * where { ?s rdf:type foaf:Person. ?s foaf:name """John Doe". ?s private:ssn ?ssn . ?s private:bankAccountNum ?bn. } """^^xsd:string. }
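The difference between the two approaches, as an added example that is not Stardog's code: it builds the query both ways for the value that produces the injected query shown above, then lists the variables that sit outside string literals and comments. The class and method names are hypothetical, and the escaping uses a backslash-escaped short literal rather than the triple-quoted form Stardog emits.

```java
import java.util.*;
// Added illustration, not Stardog code; class and method names are hypothetical.
public class SparqlLiteralDemo {
    // The concatenation pattern from the text: the value lands between two bare quotes.
    static String concat(String name) {
        return "select * where { ?s rdf:type foaf:Person. ?s foaf:name \"" + name + "\". }";
    }
    // Bind the value as one string literal, escaping the characters that could end it.
    static String bound(String name) {
        StringBuilder lit = new StringBuilder("\"");
        for (char ch : name.toCharArray()) {
            switch (ch) {
                case '\\': lit.append("\\\\"); break;
                case '"':  lit.append("\\\""); break;
                case '\n': lit.append("\\n");  break;
                case '\r': lit.append("\\r");  break;
                default:   lit.append(ch);
            }
        }
        return "select * where { ?s rdf:type foaf:Person. ?s foaf:name " + lit + "\"^^xsd:string. }";
    }
    // Variables outside literals and comments (simplified: "..." literals and # comments only).
    static Set<String> variables(String q) {
        Set<String> vars = new LinkedHashSet<>();
        boolean inString = false;
        for (int i = 0; i < q.length(); i++) {
            char ch = q.charAt(i);
            if (inString) {
                if (ch == '\\') i++;                  // escaped character stays inside the literal
                else if (ch == '"') inString = false;
            } else if (ch == '"') {
                inString = true;
            } else if (ch == '#') {
                if ((i = q.indexOf('\n', i)) < 0) break;   // comment runs to end of line
            } else if (ch == '?') {
                int j = i + 1;
                while (j < q.length() && Character.isLetterOrDigit(q.charAt(j))) j++;
                if (j > i + 1) vars.add(q.substring(i, j));
                i = j - 1;
            }
        }
        return vars;
    }
    public static void main(String[] args) {
        // Constructed input: the value that produces the injected query shown above.
        String name = "John Doe\". ?s private:ssn ?ssn . ?s private:bankAccountNum ?bn. } #";
        System.out.println(variables(concat(name)) + " vs " + variables(bound(name)));
    }
}
```

In the concatenated query ?ssn and ?bn are live variables; in the bound query they are characters inside the foaf:name literal and only ?s remains.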
| Field Summary | |
|---|---|
| static long | NO_LIMIT - Constant value used to specify that a query should not have any limit imposed on the number of results it returns. |
| static long | NO_OFFSET - Constant value used to specify that a query has no offset in its query results |
| Method Summary | |
|---|---|
| boolean | executeAsk() - Execute the ask query |
| GraphQueryResult | executeGraph() - Execute a graph (construct or describe) query |
| TupleQueryResult | executeSelect() - Execute a select query. |
| String | explain() - Return the explanation of this query, which is the plan that will get executed for this query. |
| boolean | isAsk() - Return whether or not this is a boolean query |
| boolean | isGraph() - Return whether or not this is a graph query |
| boolean | isSelect() - Return whether or not this is a select query |
| Query | limit(long theLimit) - Set the maximum number of results that can be returned by this query. |
| Query | offset(long theOffset) - Set the offset of the query results. |
| Query | parameter(String theName, boolean theValue) - Set the parameter to the xsd:boolean value |
| Query | parameter(String theName, byte theValue) - Set the parameter to the xsd:byte value |
| Query | parameter(String theName, Date theValue) - Set the parameter to the xsd:date value |
| Query | parameter(String theName, double theValue) - Set the parameter to the xsd:double value |
| Query | parameter(String theName, float theValue) - Set the parameter to the xsd:float value |
| Query | parameter(String theName, GregorianCalendar theValue) - Set the parameter to the xsd:dateTime value |
| Query | parameter(String theName, int theValue) - Set the parameter to the xsd:int value |
| Query | parameter(String theName, long theValue) - Set the parameter to the xsd:long value |
| Query | parameter(String theName, Object theObj) - Set the parameter to the specified value. |
| Query | parameter(String theName, short theValue) - Set the parameter to the xsd:short value |
| Query | parameter(String theName, String theValue) - Set the parameter to the xsd:string value |
| Query | parameter(String theName, URI theURI) - Set the parameter to the xsd:URI value |
| Query | parameter(String theName, Value theValue) - Set the value of the parameter |
| String | toString() - Returns the current state of the parameterized SPARQL query for reference where parameters are appended as comments. |
| Field Detail |
|---|
static final long NO_LIMIT
static final long NO_OFFSET
| Method Detail |
|---|
boolean isAsk()
boolean isGraph()
boolean isSelect()
boolean executeAsk()
throws StardogException
StardogException - if there is an error while executing or if this is not a boolean query
GraphQueryResult executeGraph()
throws StardogException
StardogException - if there is an error while executing or if this is not a graph query.
TupleQueryResult executeSelect()
throws StardogException
StardogException - if there is an error while executing or if this is not a select query.
Query parameter(String theName, Value theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, int theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, long theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, float theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, double theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, short theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, boolean theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, byte theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, String theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, Date theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, GregorianCalendar theValue)
theName - the parameter to set
theValue - the value of the parameter
Query parameter(String theName, URI theURI)
theName - the parameter to set
theURI - the value of the parameter
Query parameter(String theName, Object theObj)
theName - the parameter name
theObj - the param value
Query limit(long theLimit)
NO_LIMIT will not remove
the limit if it is specified in the query, but you can use it to remove a limit that has already been set if there was not a
limit specified in the query originally.
theLimit - the new limit
Query offset(long theOffset)
limit(long) this will override an offset in the query, and you can use NO_OFFSET
to remove an offset specified on the query, but not in the query string.
theOffset - the offset
String explain()
throws StardogException
StardogException - if there is an error explaining the query
String toString()
limit(long),
offset(long), or parameter(String, Value) functions then the result will be the original query
string. If the original query has been modified with one of these functions then the parameters will be appended
at the end of the query string as comments using an appropriate SPARQL keyword (LIMIT, OFFSET, or VALUES).
toString in class Object