A type-safe embedding of SQL into Java using the extensible compiler framework J%

• The SQL queries are syntactically checked.
• Optionally the SQL queries can be validated against a specified SQL database schema.
• Each SQL query can be separately configured with different compile-time features.
• The integration between the Java and SQL is type-safe.
• The compiler automatically generates secure code against SQL injection attacks.

J% is an extension of the Java programming language that efficiently supports the integration of domain-specific languages. In particular, J% allows the embedding of domain-specific language code into Java programs in a syntax-checked and type-safe manner. This paper presents J%׳s support for the sql language. J% checks the syntax and semantics of sql statements at compile-time. It supports query validation against a database schema or through execution to a live database server. The J% compiler generates code that uses standard jdbc api calls, enhancing runtime efficiency and security against sql injection attacks.