ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ECharl...@nyiso.com
Subject Re: Dynamic Java SQL
Date Mon, 09 Jun 2008 20:16:59 GMT
Thanks Nathan.

I picked through the iBATIS source and think I see what's happening.
Roughly it looks like iBATIS pulls in the <include>s then the #param#s then
finally the $string$s.

I'll try to accomplish what I was trying to accomplish using <include>s and
see how far I can get, rather than turning my parameters into Strings and
generating the statement in Java and including it using $ in the iBATIS
statement.





                                                                           
             "Nathan Maves"                                                
             <nathan.maves@gma                                             
             il.com>                                                    To 
                                       user-java@ibatis.apache.org         
             06/09/2008 11:42                                           cc 
             AM                                                            
                                                                   Subject 
                                       Re: Dynamic Java SQL                
             Please respond to                                             
             user-java@ibatis.                                             
                apache.org                                                 
                                                                           
                                                                           
                                                                           




You cannot quite do what you are trying to do.

You need to get the string fully ready to send to the map and then use the
$$ life you have in your example.

Be very weary about this approach because you might leave yourself open to
sql injection

On Mon, Jun 9, 2008 at 8:50 AM, <ECharlton@nyiso.com> wrote:
  Dangit, I didn't change the Subject to be unique. Sorry..



  Is there any way to generate an iBATIS statement in Java, including
  property references that reference attributes of the same object that you
  passed in the statement?

  Ok so I'd like to give iBATIS a map with 2 elements:

  Map<String, Object> mapToGiveIbatis;

  mapToGiveIbatis.put( "ibatisStatement", "SELECT * FROM user  WHERE userid
  =
  #useridInputParam#" );
  mapToGiveIbatis.put( "useridInputParam", 1257 );

  ......queryForObject( "javaGeneratedIbatisStatement", mapToGiveIbatis );

  And the ibatis looks like this:
   <select id="javaGeneratedIbatisStatement" ....>
     $ibatisStatement$
   </select>


  I get the feeling I misread the book, where it said that iBATIS did the $
  replacements before the prepared statement, but in my case it would have
  to
  do the $ replacements and then re-read the statement to do the #
  replacements, pulling the # replacements from the same map that I passed
  in
  the statement itself, which, after thinking about it more, doesn't seem
  like it would.


  -----------------------------------------
  *******************************************************************
  ***
  The information in this email is confidential and may be legally
  privileged against disclosure other than to the intended recipient.
  It is intended solely for the addressee. Access to this email by
  anyone else is unauthorized.

  If you are not the intended recipient, any disclosure, copying,
  distribution or any action taken or omitted to be taken in reliance
  on it, is prohibited and may be unlawful.  Please immediately
  delete this message and inform the sender of this error.
  *******************************************************************
  ***




-----------------------------------------
*******************************************************************
***
The information in this email is confidential and may be legally
privileged against disclosure other than to the intended recipient.
It is intended solely for the addressee. Access to this email by
anyone else is unauthorized.

If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful.  Please immediately
delete this message and inform the sender of this error.
*******************************************************************
***


Mime
View raw message