the second will work. But, you make yourself vulnerable to SQL injection. As odd as the other syntax is, it is the only way to avoid SQL injection. So, you would be using that syntax no matter what. Even if you weren't using iBatis.
Brandon

On 4/14/05, Ron Grabowski <[EMAIL PROTECTED]> wrote:
> Have you tried using CDATA like this (I'd be curious to know if this
> works or not):
>
> <isNotEmpty prepend="AND" property="description">
>  <![CDATA[
>   xyz
>  ]]>
> </isNotEmpty>
>
> Maybe I missed this in the other responses to this thread, but does
> this work:
>
> <isNotEmpty prepend="AND" property="description">
>  description like '%$description$%'
> </isNotEmpty>
>
> --- Nic Werner <[EMAIL PROTECTED]> wrote:
> > I tried the CDATA, but then the <isEmpty> type statements are not
> > processed and are passed directly to Oracle.
> >
> > Thanks for all the suggestions, I'll use the overly awkward concat
> > solution that Brandon and Paul mentioned.
> >
> > - NIc.
> >
> > Paul Barry wrote:
> >
> > > CDATA is not going to help. The actual SQL query that iBATIS will
> > > execute is:
> > >
> > > SELECT *
> > > FROM device,person
> > > where device.owner = person.regid
> > > and description like %'this is the descirption'%
> > >
> > > You can see how that is going to cause a problem. Change your query
> > > in the sqlmap to look like this:
> > >
> > > SELECT *
> > > FROM device,person
> > > where device.owner = person.regid
> > > and description like '%'||#description#||'%'
> > >
> > > Sheehan, Andrew wrote:
> > >
> > >> Hiya,
> > >>
> > >> Would you be able to use a CDATA section in your where clause?
> > >>
> > >> HTH,
> > >>
> > >> Andrew
> > >>
> > >> -----Original Message-----
> > >> From: Nic Werner [mailto:[EMAIL PROTECTED]
> > >> Sent: Wednesday, April 13, 2005 8:57 PM
> > >> To: ibatis-user-java@incubator.apache.org
> > >> Subject: LIKE and Wildcards
> > >>
> > >> Hi again,
> > >> Is there a way to use the 'like' operator and also use wildcards?
> > >> I'm trying to use Oracle with this, and the following does not work:
> > >>
> > >> SELECT
> > >> * FROM device,person
> > >> where device.owner = person.regid
> > >> <isNotEmpty prepend="AND" property="description">
> > >> description like %#description#%
> > >> (I get invalid symbol)
> > >>
> > >> All examples only use the equivalent of #description# which doesn't
> > >> add anything of value, it is the equivalent of using '='.
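
The two forms discussed in this thread, as an added example that is not part of the original messages or of iBATIS: string substitution (the `$description$` form) against a bound parameter concatenated with wildcards (the `'%'||#description#||'%'` form). It assumes an in-memory SQLite table with constructed rows standing in for the Oracle `device` table, and the function names are hypothetical; it also goes one step beyond the thread by escaping `%` and `_` in the bound value.

```python
import sqlite3

# Constructed input: closes the quoted literal and appends a condition that is always true.
HOSTILE = "x%' OR '1' LIKE '1"

def make_db():
    """In-memory SQLite table standing in for the thread's Oracle `device` table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE device (id INTEGER PRIMARY KEY, owner TEXT, description TEXT)")
    conn.executemany(
        "INSERT INTO device (owner, description) VALUES (?, ?)",
        [("alice", "lab laptop"), ("bob", "build server"), ("carol", "100% spare")],
    )
    return conn

def search_substituted(conn, description):
    # Like  description like '%$description$%' : the value becomes part of the SQL text.
    sql = ("SELECT description FROM device "
           "WHERE description LIKE '%" + description + "%' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def search_bound(conn, description):
    # Like  description like '%'||#description#||'%' : the value travels as a bind parameter.
    sql = ("SELECT description FROM device "
           "WHERE description LIKE '%' || ? || '%' ORDER BY id")
    return [row[0] for row in conn.execute(sql, (description,))]

def escape_like(value, esc="\\"):
    # Binding stops injection, but % and _ in the value are still LIKE wildcards.
    return value.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")

def search_bound_literal(conn, description):
    # Same bound query, with wildcards in the value escaped so they match literally.
    sql = ("SELECT description FROM device "
           "WHERE description LIKE '%' || ? || '%' ESCAPE '\\' ORDER BY id")
    return [row[0] for row in conn.execute(sql, (escape_like(description),))]

if __name__ == "__main__":
    db = make_db()
    for fn in (search_substituted, search_bound):
        print(fn.__name__, "laptop ->", fn(db, "laptop"))
        print(fn.__name__, "hostile ->", fn(db, HOSTILE))
    print("bound '%' ->", search_bound(db, "%"))
    print("bound literal '%' ->", search_bound_literal(db, "%"))
```

With the substituted form the constructed input returns every row; with the bound form it is only ever compared as text and matches nothing.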