I am attempting to create a re-usable subgraph for retrieving a database value based on a query parameter passed in. For scalability reasons, it is not reasonable to read the whole table and then filter in CloverDX.
The only way I have been able to figure out how to pass a parameter to SQL is when it is a parameter of the graph itself. Unfortunately, that parameter replacement is just a String variable replacement in the query, leading to potential SQL injection attacks.
In the documentation for DatabaseReader, I see there are question marks in the "Query statement with mapping" section, which leads me to believe there is some other way of specifying String query parameters to a Prepared Statement without risking injection.
Any guidance is greatly appreciated,
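
The difference the post describes, between replacing a parameter in the query text and binding it to a `?` placeholder, shown as an added example that is not part of the original post and is not CloverDX code. It assumes Python's `sqlite3` as a stand-in for the database; the table, its rows and the parameter name `LOOKUP_NAME` are constructed for illustration.

```python
import sqlite3

# Hypothetical query texts: one with a graph-parameter style token that is
# replaced as a string, one with a positional placeholder bound by the driver.
QUERY_TEMPLATE = "SELECT value FROM settings WHERE name = '${LOOKUP_NAME}'"
QUERY_BOUND = "SELECT value FROM settings WHERE name = ?"


def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE settings (name TEXT PRIMARY KEY, value TEXT)")
    conn.executemany(
        "INSERT INTO settings VALUES (?, ?)",
        [("timeout", "30"), ("O'Brien", "owner"), ("api_key", "secret")],
    )
    return conn


def lookup_substituted(conn, name):
    """String replacement: the value is parsed as part of the SQL statement."""
    sql = QUERY_TEMPLATE.replace("${LOOKUP_NAME}", name)
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    """Bound parameter: the value is sent as data and never parsed as SQL."""
    return [row[0] for row in conn.execute(QUERY_BOUND, (name,))]


def demo():
    """Run both lookups over a hostile value and a benign value with a quote."""
    conn = make_db()
    hostile, benign = "x' OR '1'='1", "O'Brien"
    results = {
        "substituted_hostile": sorted(lookup_substituted(conn, hostile)),
        "bound_hostile": lookup_bound(conn, hostile),
        "bound_benign": lookup_bound(conn, benign),
    }
    try:
        results["substituted_benign"] = lookup_substituted(conn, benign)
    except sqlite3.OperationalError:
        # The apostrophe ends the string literal early, so the query fails to parse.
        results["substituted_benign"] = "syntax error"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

With string replacement the hostile value returns every row and the legitimate name `O'Brien` breaks the query, while the bound version returns nothing for the first and the single matching row for the second.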