[ http://issues.apache.org/jira/browse/IBATIS-333?page=comments#action_12429121 ]

Andrey commented on IBATIS-333:
-------------------------------

Simple. Because when iBatis lives behind a DAO, only POJO properties are seen.
It is a really bad idea to use SQL fields in the external world.

Let's imagine we have a JSP table. How much code do you write to check that
the substitution is correct? That there is no SQL injection?
What if a field name changed?
With this feature you can write generic code which will sort (not in all
cases, but in many) only by property name and know nothing about internal
database fields.

I know, we can use $substitution$ and represent all fields in SQL with "as
alias". But this is double work. I _already_ have described
fields <-> properties, why can't I use them? And in any case $substitution$ is
_very_ insecure. I use it only in special cases, and
this usage never crosses DAO boundaries...

> Patch which allow to substitute property with column name from ResultMap in
> dynamic sql
> ----------------------------------------------------------------------------------------
>
>                 Key: IBATIS-333
>                 URL: http://issues.apache.org/jira/browse/IBATIS-333
>             Project: iBatis for Java
>          Issue Type: New Feature
>          Components: SQL Maps
>    Affects Versions: 2.2.0
>            Reporter: Andrey
>         Attachments: insertColumnName.patch
>
>
> In a situation when I need to implement sorting, I need to create such a
> monster as Abator creates for me. But
> if I only need sorting, there should be a mapping between columns and
> properties (if they are specified explicitly
> in the ResultMap). In this case, I can write
>     <resultMap id="dynamicAccountResult" class="testdomain.Account">
>         <result column="ACC_ID" property="id"/>
>         <result column="ACC_FIRST_NAME" property="firstName"/>
>         <result column="ACC_LAST_NAME" property="lastName"/>
>         <result column="ACC_EMAIL" property="emailAddress"/>
>     </resultMap>
>   <select id="dynamicInsertColumnName"
>     parameterClass="string"
>     resultMap="dynamicAccountResult">
>     select
>       ACC_ID,
>       ACC_FIRST_NAME,
>       ACC_LAST_NAME,
>       ACC_EMAIL
>     from ACCOUNT
>     <dynamic>
>       <insertColumnName prepend="where"> = 1</insertColumnName>  <!-- iBatis replaces this with the column mapped for "id", passed as an unnamed property -->
>       <insertColumnName prepend="order by"/> 
>     </dynamic>
>   </select>
>   public void testInsertColumnName() throws SQLException {
>     List list = sqlMap.queryForList("dynamicInsertColumnName", "id"); // Here we pass our property name
>     assertEquals(1, list.size());
>   }
> SQL will be
>     select
>       ACC_ID,
>       ACC_FIRST_NAME,
>       ACC_LAST_NAME,
>       ACC_EMAIL
>     from ACCOUNT
>      where ACC_ID = 1
>      order by ACC_ID
> In any case, we can pass some AccountCriteria which will hold a list of
> sorting property names, and we can iterate in dynamic SQL
> and get a multi-field "order by" clause.
> PS: Not all things are tested yet. No errors are thrown. This is an alpha of this
> feature. This is a proof of concept (due to the small amount of structural
> changes in other iBatis classes). If developers want this feature and agree
> with my decisions, I'll implement all the other bells and whistles
> like error checking, tests and maybe other extensions for this tag.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
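
The idea argued for in the comment above, as an added example (this is not the attached insertColumnName.patch and not iBatis code): the ORDER BY clause is built only from property names found in an explicit property-to-column map mirroring the dynamicAccountResult ResultMap, so caller input is used as a lookup key and never reaches the SQL text. The class OrderByResolver and its methods are hypothetical names chosen for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper, not part of iBatis: resolves POJO property names to
// column names using the same pairs the ResultMap already declares.
public class OrderByResolver {
    private final Map<String, String> propertyToColumn = new LinkedHashMap<>();

    public OrderByResolver map(String property, String column) {
        propertyToColumn.put(property, column);
        return this;
    }

    // Returns " order by COL1, COL2" built only from mapped columns.
    // A property that is not in the map is rejected, so text supplied by
    // the caller is only a lookup key and is never copied into the SQL.
    public String orderBy(List<String> properties) {
        List<String> columns = new ArrayList<>();
        for (String property : properties) {
            String column = propertyToColumn.get(property);
            if (column == null) {
                throw new IllegalArgumentException("Unknown sort property: " + property);
            }
            columns.add(column);
        }
        return columns.isEmpty() ? "" : " order by " + String.join(", ", columns);
    }

    public static void main(String[] args) {
        // Same pairs as the dynamicAccountResult ResultMap in the issue.
        OrderByResolver resolver = new OrderByResolver()
            .map("id", "ACC_ID")
            .map("firstName", "ACC_FIRST_NAME")
            .map("lastName", "ACC_LAST_NAME")
            .map("emailAddress", "ACC_EMAIL");

        // Prints " order by ACC_LAST_NAME, ACC_ID"
        System.out.println(resolver.orderBy(List.of("lastName", "id")));
        try {
            // Constructed hostile input: not a mapped property, so it is refused.
            resolver.orderBy(List.of("id; drop table ACCOUNT"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```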

        
