ibatis-user-java mailing list archives

From Brandon Goodin <brandon.goo...@gmail.com>
Subject Re: string substitution example/docs
Date Fri, 15 May 2009 21:02:16 GMT
There isn't much to say. $blah$ is a literal whereas #blah# will convert to
a ? for the prepared statement.

Say you have a property of id on Person and set its value to 1:

public class Person {
  private Integer id;
  //getter/setter
}

If you use the following syntax in your mapped statement:
select name from person where id = #id#

ibatis will convert the #id# to a ? for use in the prepared statement:
select name from person where id = ?

If, on the other hand, you used $id$, ibatis would pass the following to
the prepared statement:
select name from person where id = 1

The obvious caution here is that the $literal$ syntax should never be
utilized in a place that the public can alter it. You open yourself to SQL
injection risks. In other words don't take a value that is passed in from a
web page and assign it in your SQL as a literal.

Brandon


On Fri, May 15, 2009 at 3:52 PM, Alin Popa <alin.popa@gmail.com> wrote:

> Hi,
>
> Is there a place where I can find some documentation/examples/links
> related to string substitution in ibatis? ($substitution$ thingy
> ....)
> In the official PDF documentation I didn't find anything about it;
> also Google didn't help much.
>
> Thanks,
> Alin
>
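
The difference between #id# and $id$ described in the message above, as an added example that is not part of the original post and is not iBATIS code: a small Python emulation of the two placeholder styles, run against an in-memory SQLite table. The render and query_names helpers, the table rows and the request values are all constructed for illustration.

```python
import re
import sqlite3

BOUND = "select name from person where id = #id#"
LITERAL = "select name from person where id = $id$"


def render(statement, params):
    """Emulate both placeholder styles; returns (sql_text, bind_values)."""
    binds = []

    def repl(m):
        if m.group(1):
            # #name# becomes a ? marker; the value travels separately as data.
            binds.append(params[m.group(1)])
            return "?"
        # $name$ is pasted into the SQL text before the statement is prepared.
        return str(params[m.group(2)])

    return re.sub(r"#(\w+)#|\$(\w+)\$", repl, statement), binds


def query_names(statement, params):
    """Run the rendered statement against a constructed two-row table."""
    db = sqlite3.connect(":memory:")
    db.execute("create table person (id integer, name text)")
    db.executemany("insert into person values (?, ?)",
                   [(1, "alice"), (2, "bob")])
    sql, binds = render(statement, params)
    rows = db.execute(sql + " order by id", binds).fetchall()
    db.close()
    return sql, [r[0] for r in rows]


if __name__ == "__main__":
    # Constructed request values: a plain id, then text that is not a bare id.
    for value in (1, "1 or 1=1"):
        for stmt in (BOUND, LITERAL):
            sql, names = query_names(stmt, {"id": value})
            print(f"{value!r:12} {sql!r} -> {names}")
```

With the bound form the SQL text is identical for both inputs and the second value simply matches no row; with the literal form the second value becomes part of the WHERE clause and every row comes back.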
