cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Durchholz, Joachim" <Joachim.Durchh...@hennig-fahrzeugteile.de>
Subject RE: How to turn on escaping for named queries
Date Tue, 15 May 2012 10:05:04 GMT
If that's your query, you don't want to use escaping, you want to set this up as a prepared
statement.

I'm not using Cayenne actively (still Hibernate here, don't know when or if I can switch),
so I can only guess, but it would probably be something like
  Select something from table where value = :xxx
in the named query and
  namedQuery.bind('xxx', valueFromParameterInJava)
for the Java side.

Actually, the only use case where prepared statements aren't a vastly superior alternative
is if you need to substitute a table or field name into your SQL. But that's not very useful
unless you're doing something like phpMyAdmin. Or if you implement something like a query
rewriting layer.

-----Original Message-----
From: Simran Narula [mailto:snarula@avoka.com] 
Sent: Tuesday, May 15, 2012 1:54 AM
To: user@cayenne.apache.org
Subject: RE: How to turn on escaping for named queries

Thanks for the rely Andrus,

These are bunch of select queries like following:

<query name="getSomething" factory="org.apache.cayenne.map.SQLTemplateBuilder" root="data-map"
root-name="MyApplicationMap"> <property name="cayenne.GenericSelectQuery.fetchingDataRows"
value="true"/>
		<sql><![CDATA[
	Select something from table where value = '${valueFromParameterInJava}'
		]]></sql>
</query>

Following Is what I am doing in Java..

// create new map parameters... and insert key value pairs... 
NamedQuery query = new NamedQuery("getSomething", parameters); List resultMaps = getDataContext().performQuery(query);
List<MyEntity> results = new ArrayList<OrderBean>();

..

I am looking to escape single quotes only ( ' ) 

Thanks


-----Original Message-----
From: Andrus Adamchik [mailto:andrus@objectstyle.org]
Sent: Monday, 14 May 2012 6:00 PM
To: user@cayenne.apache.org
Subject: Re: How to turn on escaping for named queries

Hi,

You do not indicate what type of queries you have (SelectQuery, SQLTemplate, etc?) Also could
you give an example of what characters you'd like to escape? There is a good chance the answer
will be to escape it manually, but I was wondering about the use case.

Andrus


On May 7, 2012, at 6:45 AM, Simran Narula wrote:
> Hi,
> 
> I have a bunch of named queries in my application.map.xml...
> 
> And cayenne does not seems to be escaping the parameter values when 
> these queries are executed
> 
> Is there a way I can SWITCH ON escaping for these named queries in cayenne or is there
no way and I will have to manually escape the parameter values passed to these queries ??
> 
> Thanks


Mime
View raw message