ibatis-user-java mailing list archives

From "Nathan Maves" <nathan.ma...@gmail.com>
Subject Re: Dynamic Java SQL
Date Mon, 09 Jun 2008 15:42:09 GMT
You cannot quite do what you are trying to do.

You need to get the string fully ready to send to the map and then use the
$$ like you have in your example.

Be very wary about this approach because you might leave yourself open to
SQL injection.

On Mon, Jun 9, 2008 at 8:50 AM, <ECharlton@nyiso.com> wrote:

> Dangit, I didn't change the Subject to be unique. Sorry..
>
>
>
> Is there any way to generate an iBATIS statement in Java, including
> property references that reference attributes of the same object that you
> passed in the statement?
>
> Ok so I'd like to give iBATIS a map with 2 elements:
>
> Map<String, Object> mapToGiveIbatis = new HashMap<String, Object>();
>
> mapToGiveIbatis.put( "ibatisStatement", "SELECT * FROM user WHERE userid = #useridInputParam#" );
> mapToGiveIbatis.put( "useridInputParam", 1257 );
>
> ......queryForObject( "javaGeneratedIbatisStatement", mapToGiveIbatis );
>
> And the ibatis looks like this:
>  <select id="javaGeneratedIbatisStatement" ....>
>    $ibatisStatement$
>  </select>
>
>
> I get the feeling I misread the book, where it said that iBATIS did the $
> replacements before the prepared statement, but in my case it would have to
> do the $ replacements and then re-read the statement to do the #
> replacements, pulling the # replacements from the same map that I passed in
> the statement itself, which, after thinking about it more, doesn't seem
> like it would.
>
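
Following the advice in the reply above to get the string fully ready in Java before it reaches `$ibatisStatement$`, this sketch shows one way to keep untrusted text out of that string: identifiers come from fixed allow-lists and the value is parsed to a number first. It is an added example, not code from the thread or from iBATIS; the class name, the allow-lists and the `groupid` column are assumptions.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class StatementTextBuilder {
    // Hypothetical allow-lists: only these identifiers may ever reach $ibatisStatement$.
    private static final Set<String> TABLES = new HashSet<String>(Arrays.asList("user"));
    private static final Set<String> COLUMNS = new HashSet<String>(Arrays.asList("userid", "groupid"));

    // Identifiers are matched against fixed sets, never escaped or "cleaned".
    static String identifier(Set<String> allowed, String name) {
        if (name == null || !allowed.contains(name)) {
            throw new IllegalArgumentException("identifier not allowed: " + name);
        }
        return name;
    }

    // The value is a long, so the text placed in the statement can only be digits and a sign.
    static String selectByNumericKey(String table, String column, long value) {
        return "SELECT * FROM " + identifier(TABLES, table)
             + " WHERE " + identifier(COLUMNS, column) + " = " + Long.toString(value);
    }

    // Untrusted text is parsed to a number first; anything else fails here, before any SQL exists.
    static Map<String, Object> buildParameterMap(String table, String column, String rawValue) {
        long value = Long.parseLong(rawValue.trim());
        Map<String, Object> map = new HashMap<String, Object>();
        map.put("ibatisStatement", selectByNumericKey(table, column, value));
        return map; // pass to queryForObject("javaGeneratedIbatisStatement", map)
    }

    public static void main(String[] args) {
        System.out.println(buildParameterMap("user", "userid", "1257").get("ibatisStatement"));
        // Constructed hostile inputs: both must be rejected, not rewritten.
        String[][] bad = { {"user", "userid", "1257 OR 1=1"}, {"user", "userid = userid --", "1257"} };
        for (String[] b : bad) {
            try {
                buildParameterMap(b[0], b[1], b[2]);
                throw new AssertionError("accepted: " + Arrays.toString(b));
            } catch (IllegalArgumentException e) { // NumberFormatException is a subclass
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Free-form string values have no safe equivalent of the numeric parse here, so they belong in a statement where they can stay bound `#param#` values rather than in the generated text.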
