cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evgeny Ryabitskiy <evgeny.ryabits...@gmail.com>
Subject Re: Velocity parsing error with "##"
Date Fri, 13 Aug 2010 09:12:01 GMT
I suggest you could use #bind directive here.

SELECT COUNT(JOBNAME) AS RESULT FROM JMASTER WHERE SKDID = 67 AND
UPPER(JOBNAME) = #bind($JOB_PARAM)

So if you pass TEST## in JOB_PARAM it will be handled via JDBC as
String (not by Velocity), so it will be prepared statement.

Also it will protect your application from any SQL-Injection in this
param and it's usually faster to user prepared statements (depends
from DBMS type).

Evgeny.


2010/8/13 Laurent Marchal <lmarchal@smaeur.eu>:
>  Hi all,
>
>    After months of using Cayenne 3.0 (which is awesome BTW) I just
> discovered that when I put two "##" in some of my object names in database
> and then I use some SQLTemplate I have a Velocity error. It seems that
> Velocity does not like ## because it's detected as a bad directive. I looked
> in the Velocity documentation but to me  it's supposed to ignore single
> quoted string literals.
> <http://velocity.apache.org/engine/releases/velocity-1.6.4/user-guide.html#stringliterals>
>
> Caused by: org.apache.cayenne.CayenneRuntimeException: [v.3.0 Apr 26 2010
> 09:59:17] Error parsing template 'SELECT COUNT(JOBNAME) AS RESULT FROM
> JMASTER WHERE SKDID = 67 AND UPPER(JOBNAME) = 'TEST##'' : Lexical error:
> org.apache.velocity.runtime.parser.TokenMgrError: Lexical error at line 1,
> column 92.  Encountered: <EOF> after : ""
>    at
> org.apache.cayenne.access.jdbc.SQLTemplateProcessor.buildStatement(SQLTemplateProcessor.java:149)
>    at
> org.apache.cayenne.access.jdbc.SQLTemplateProcessor.processTemplate(SQLTemplateProcessor.java:122)
>    at
> org.apache.cayenne.access.jdbc.SQLTemplateAction.performAction(SQLTemplateAction.java:125)
>    at
> org.apache.cayenne.access.DataNodeQueryAction.runQuery(DataNodeQueryAction.java:87)
>    at org.apache.cayenne.access.DataNode.performQueries(DataNode.java:269)
>
> Do you have any advices to make Velocity ignore parsing these names ?
>
> Thanks.
>
>
>
>
>

Mime
View raw message