Is it possible to natively check whether a SQL query requires a parameter(positional or named) to be injected??? I can do it using 'regex' but was searching for some native odb API way.
Thanx
Note : Have removed the updated comment, felt it was unethical
The official answer is NO, here is no exposed API for this right now.
All you can do right now (v 2.2 and 3.0) is parse the SQL statement as follows:
String statement = ....; // the SQL query
InputStream is = new ByteArrayInputStream(statement.getBytes());
OrientSql osql = new OrientSql(is);
OStatement result = osql.parse();
and check its content to find instances of OInputParameter.
PLEASE CONSIDER THAT IT'S NOT INTENDED AS A PUBLIC API, SO IT MAY CHANGE IN NEXT RELEASES.