Binding Java variables to XQuery

1. Protect your XQuery code from the jokers

In Java/SQL based applications, one of the worst things a developer can do is pass user content directly into an SQL expression string. If the end user knows what they are doing and has a malicious streak, they can easily start writing additional SQL code for you. Bad times.

The same story is true in your Java/XQuery applications, which is why it's best to bind these values as XQuery external variables rather than splicing them into the query text. The XQJ implementation will take care of that 'interesting' content: a bound value is delivered to the query as a typed item, never parsed as XQuery.

2. XML Schema datatype validation

This mechanism also lets the XQJ API do some additional datatype checking for you. For instance, the XML Schema datatype model has a type xs:unsignedInt. When you bind an int value and declare it as xs:unsignedInt, the XQJ API can check that the value actually satisfies the requirements of that datatype before the expression is even executed.

The following code illustrates binding a Java variable to an XQExpression object.

import javax.xml.xquery.*;
import javax.xml.namespace.QName;
import net.cfoster.sedna.xqj.SednaXQDataSource;

public class LookupByISBN {
    private static final String DEFAULT_ISBN = "059652112X";

    public static void main(String[] args) throws XQException {
        XQDataSource xqs = new SednaXQDataSource();
        xqs.setProperty("serverName", "localhost");
        xqs.setProperty("databaseName", "test");
        XQConnection conn = xqs.getConnection("SYSTEM", "MANAGER");
        XQExpression xqe = conn.createExpression();
        String ISBN_ID = args.length > 0 ? args[0] : DEFAULT_ISBN;
        // Bind variable to expression
        xqe.bindString(new QName("userisbn"), ISBN_ID, null);
        String xqueryString = "declar
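As an added example (not code from this page or from the Sedna project), the lookup above is rewritten around a prepared expression so that both points made earlier are visible in one program: the query text stays constant while the user's ISBN and a row limit travel as typed external variables, with the xs:unsignedInt check applied to the limit. It assumes the same Sedna server and credentials as the snippet above and a database holding <book> elements with <isbn> and <title> children; the unsafeQuery method is kept only to show the string concatenation the page warns against.

```java
import javax.xml.namespace.QName;
import javax.xml.xquery.*;
import net.cfoster.sedna.xqj.SednaXQDataSource;

public class SafeIsbnLookup {
    // Assumption: the "test" database holds <book> elements with <isbn> and <title> children.
    private static final String QUERY =
        "declare variable $userisbn as xs:string external; "
      + "declare variable $maxrows as xs:unsignedInt external; "
      + "subsequence(//book[isbn = $userisbn]/title, 1, $maxrows)";

    // UNSAFE (shown for contrast only, never called): the user value becomes part of
    // the query text, so a value containing a quote changes the expression's structure.
    static String unsafeQuery(String userIsbn) {
        return "//book[isbn = '" + userIsbn + "']/title";
    }

    // SAFE: the query text is fixed; user values are passed as typed external variables.
    static XQResultSequence lookup(XQConnection conn, String userIsbn, int maxRows)
            throws XQException {
        XQPreparedExpression xqp = conn.prepareExpression(QUERY);
        // The ISBN arrives in the query as an xs:string item and is never parsed as XQuery.
        xqp.bindString(new QName("userisbn"), userIsbn, null);
        // Declared type xs:unsignedInt: per the XQJ spec a negative maxRows is rejected
        // with an XQException at bind time, before the query runs.
        XQItemType unsignedInt = conn.createAtomicType(XQItemType.XQBASETYPE_UNSIGNED_INT);
        xqp.bindInt(new QName("maxrows"), maxRows, unsignedInt);
        return xqp.executeQuery();
    }

    public static void main(String[] args) throws XQException {
        XQDataSource xqs = new SednaXQDataSource();
        xqs.setProperty("serverName", "localhost");
        xqs.setProperty("databaseName", "test");
        XQConnection conn = xqs.getConnection("SYSTEM", "MANAGER");
        try {
            String isbn = args.length > 0 ? args[0] : "059652112X";
            XQResultSequence rs = lookup(conn, isbn, 10);
            while (rs.next())
                System.out.println(rs.getItemAsString(null));
            try {
                lookup(conn, isbn, -1); // -1 is not an xs:unsignedInt: fails the type check
            } catch (XQException e) {
                System.out.println("Rejected before execution: " + e.getMessage());
            }
        } finally {
            conn.close();
        }
    }
}
```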