ibatis-user-java mailing list archives

From Nathan Maves <nathan.ma...@gmail.com>
Subject Re: special characters in xml
Date Mon, 10 May 2010 14:19:46 GMT
The most common and safe (SQL injection) method is to continue to use
prepared statement parameters and create the value in Java.

In Java construct the String with a StringBuilder and then pass the value
into a normal iBatis parameter #{value}.

Nathan

On Mon, May 10, 2010 at 5:27 AM, masonkante@libero.it
<masonkante@libero.it> wrote:

> Hi,
>
> I'm using iBATIS 3.0 and I need help using special characters in XML
> mapping files.
> Thanks to iBATIS I switch between MySQL server and Apache Derby Embedded
> database easily, but I need to write a LIKE condition in a way compatible
> with both DBs.
>
> What I want to get is "like '%<value>%'", but in XML this creates some
> problems (% is a special character; I tried with CDATA but it doesn't work).
> At first I solved it in MySQL using the concat function
> concat('%',<value>,'%').
> This doesn't work with Apache Derby, because it doesn't support this kind
> of function.
> Can somebody help me write this expression in a way that works with both
> databases?
>
> Thanks.

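The approach from the reply, as an added example that is not part of the original thread: the LIKE pattern is built in Java with a StringBuilder and bound through an ordinary `#{value}` parameter, so the mapper XML contains no `%` and no database-specific `concat`. It goes one step beyond the reply by also escaping LIKE wildcards in the user's input; the statement id `findByName`, the `person` table, the `!` escape character and the class name are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;

/**
 * Added example. Hypothetical mapper statement this helper feeds
 * (the ESCAPE clause is accepted by both MySQL and Derby):
 *
 *   <select id="findByName" parameterType="string" resultType="map">
 *     SELECT id, name FROM person WHERE name LIKE #{value} ESCAPE '!'
 *   </select>
 *
 * Hypothetical call site:
 *   session.selectList("findByName", LikePattern.contains(userInput));
 */
public class LikePattern {

    // Assumed escape character; must match the ESCAPE clause in the mapper.
    private static final char ESCAPE = '!';

    /**
     * Builds "%<value>%" for a contains-style search. LIKE wildcards in the
     * input are escaped so a user-supplied "%" or "_" matches literally
     * instead of widening the search.
     */
    public static String contains(String userInput) {
        StringBuilder sb = new StringBuilder(userInput.length() + 2);
        sb.append('%');
        for (int i = 0; i < userInput.length(); i++) {
            char c = userInput.charAt(i);
            if (c == '%' || c == '_' || c == ESCAPE) {
                sb.append(ESCAPE);
            }
            sb.append(c);
        }
        return sb.append('%').toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including one containing a quote.
        List<String> samples = Arrays.asList("smith", "100%", "a_b", "x' OR '1'='1");
        for (String s : samples) {
            // The quote needs no handling here: the value is bound as a
            // prepared-statement parameter and never spliced into the SQL text.
            System.out.println(s + " -> " + contains(s));
        }
    }
}
```

The injection safety comes from `#{value}` binding; the wildcard escaping only controls what the pattern matches.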