Return-Path: Delivered-To: apmail-cayenne-user-archive@www.apache.org Received: (qmail 45892 invoked from network); 12 Feb 2009 05:09:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Feb 2009 05:09:15 -0000 Received: (qmail 56827 invoked by uid 500); 12 Feb 2009 05:09:14 -0000 Delivered-To: apmail-cayenne-user-archive@cayenne.apache.org Received: (qmail 56810 invoked by uid 500); 12 Feb 2009 05:09:14 -0000 Mailing-List: contact user-help@cayenne.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cayenne.apache.org Delivered-To: mailing list user@cayenne.apache.org Received: (qmail 56799 invoked by uid 99); 12 Feb 2009 05:09:14 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Feb 2009 21:09:14 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of robert.zeigler@gmail.com designates 74.125.46.153 as permitted sender) Received: from [74.125.46.153] (HELO yw-out-1718.google.com) (74.125.46.153) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Feb 2009 05:09:06 +0000 Received: by yw-out-1718.google.com with SMTP id 6so1097338ywa.82 for ; Wed, 11 Feb 2009 21:08:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=nIiGnozDQ3pdoCpB42gXFjQHvISeSSs3dEzVxyyKL9Y=; b=YlubzNny1KRkP+19Tn4PT0XzB1MgffUIR5e8ZFfcM1ln4VyCvvXmpLNFHtpKcURmDK 1HK/dEz49y+4NzVwHmZNuKjjGW6OOhPg40oBBt71bgUwnh+u/RJ8rpa3IKvym/qOojrF GOvNbq9IewCYZKsB/CmENA8wU5skOnvkc6l+8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=EPDumUACLivSQBcWlmLMlVGShDWwkrnCJkVA1aCAafnI+82bj3rTp1RfxUT107ObL9 k9Ef8ikZHLvXbR5aA/z72g7Pfi8nKnH8gySTQkEkomh2UIN8nAn93gjroV57iV4wgu09 fTQhKYoQR4pXQ3R0T0J/cWhUuPWNGs4fQRdOs= Received: by 10.64.3.10 with SMTP id 10mr208415qbc.86.1234415325262; Wed, 11 Feb 2009 21:08:45 -0800 (PST) Received: from ?192.168.0.2? (ppp-70-242-134-195.dsl.stlsmo.swbell.net [70.242.134.195]) by mx.google.com with ESMTPS id p6sm1234857qbp.25.2009.02.11.21.08.43 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 11 Feb 2009 21:08:44 -0800 (PST) Message-Id: <5D355F0C-F315-4B0E-9905-25F821764DC8@puregumption.com> From: Robert Zeigler To: user@cayenne.apache.org In-Reply-To: <4993A960.4070101@mark100.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Subject: Re: Apostrophe escaping in select Date: Wed, 11 Feb 2009 23:08:42 -0600 References: <4993A960.4070101@mark100.net> X-Mailer: Apple Mail (2.930.3) X-Virus-Checked: Checked by ClamAV on apache.org Two comments. First, for the query you're running, you probably want an object select query, rather than SQLTemplate: SelectQuery q = new SelectQuery(Person.class); Expression qual = ExpressionFactory.matchExp(Person.COUNTRY_PROPERTY,country); qual = qual.andExp(ExpressionFactory.matchExp(Person.NAME_PROPERTY,name); q.setQualifier(qual); dataContext().performQuery(qual); I typically use SQLTemplate for performance reasons, or to express some query that doesn't necessarily correlate to a particular object in the db (aggregrate-function queries, like sums, counts, etc.). Otherwise, I stick with object-select queries. You could even create the above object select query in the modeler and just reference it by name in the code: dataContext.performQuery("PersonSelectQuery",params);//2.0.4 only; for 3.0, you would used a NamedQuery object; params is a map with the appropriate parameters, as below. But if you really want to use SQLTemplate, then you should do two things: 1) use #result to describe the results that cayenne should expect from your query (instead of select * from, use select #result(...)[, #result(...)] from). 2) use #bind or #bindEqual directives for parameter binding. This ultimately results in Cayenne using prepared statements and plugging in parameters supplied from a map at runtime, so that the parameter is properly escaped by the database driver when you execute the query. For example: SQLTemplate template = new SQLTemplate(Person.class, "SELECT #result(...) FROM people where country_id #bindEqual($countryId) and name #bindEqual($name)"); Map params = new HashMap(); params.put("countryId",country.getId()); params.put("name",name); template.setParameters(params); dataContext().performQuery(template); See: http://cayenne.apache.org/doc20/scripting-sqltemplate.html for more information on #result, #bind, and #bindEqual See: http://cayenne.apache.org/doc20/selectquery.html for more information on select queries. Robert On Feb 11, 2009, at 2/1110:45 PM , Mark Fraser wrote: > hello, > > I am using Cayenne 2.0.4 in a standalone application with Derby > embedded. > > The following code breaks for obvious reasons when there is an > apostrophe ("'") in the person's name. > > --------- > > SQLTemplate template = new SQLTemplate(Person.class, "SELECT * FROM > people where country_id=" + String.valueOf(country.getId()) + " and > name='" + name + "'"); > > List res = dataContext().performQuery(template); > --------- > > What is the best (Cayenne specific or otherwise) approach to dealing > with this problem? > > Thanks >