http://stackoverflow.com/questions/197474/hibernate-criteria-vs-hql
2009/8/26 José Romaniello <[email protected]>
> I think you should use criteria for this kind of query.
>
> 2009/8/26 Christian Setzkorn <[email protected]>
>> Hi,
>>
>> I have implemented the following simplified code to run a dynamic SQL
>> query using the NHibernate 'data access' facility:
>>
>>     query = @"select ... x = :x";
>>
>>     if (_search != null)
>>     {
>>         if (searchOper.Equals("cn")) // contains
>>         {
>>             search_expression = String.Format(" and {0} like '%{1}%'", searchField, searchString.ToLower());
>>         }
>>
>>         if (searchOper.Equals("bw")) // begins with
>>         {
>>             search_expression = String.Format(" and {0} like '{1}%'", searchField, searchString.ToLower());
>>         }
>>
>>         if (searchOper.Equals("ew")) // ends with
>>         {
>>             search_expression = String.Format(" and {0} like '%{1}'", searchField, searchString.ToLower());
>>         }
>>
>>         if (searchOper.Equals("eq")) // equal
>>         {
>>             search_expression = String.Format(" and {0} = '{1}'", searchField, searchString.ToLower());
>>         }
>>     }
>>
>>     if (sord.Trim().Equals("desc") == true)
>>     {
>>         order_expression = String.Format(" order by {0} desc", sidx);
>>     }
>>     else
>>     {
>>         order_expression = String.Format(" order by {0} asc", sidx);
>>     }
>>
>>     query += search_expression + order_expression;
>>
>>     original_data = NHibernateHelper.GetCurrentSession().CreateSQLQuery(query)
>>         .SetParameter("x", x)
>>         .List<object>();
>>
>> This works fine but I think it could be improved. For example, is there a
>> danger of SQL injection attack???
>>
>> An improvement would be to use SetParameter and/or SetString to change the
>> original query and add the search_expression and order_expression. However,
>> I seem to have problems with this. ADO.NET, which I presume NHibernate
>> uses, says it cannot execute the query when I try to use SetParameter and/or
>> SetString.
>>
>> Any idea why that is? Or is my code ok?
>>
>> Thanks in advance.
>>
>> Best wishes,
>> Christian

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "nhusers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/nhusers?hl=en
-~----------~----~----~----~------~----~------~--~---
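The code quoted above concatenates searchField, searchString and sidx straight into the SQL text, so any of those request values can change the meaning of the statement. The added example below is not from the thread or from NHibernate; it is an editor's illustration of the two fixes the exchange points at. The search value is bound with SetString, and the column name, comparison operator and sort direction are chosen by code from a fixed allow-list. That split also explains the SetParameter failure described in the question: a bind parameter can only stand in for a value, and the driver rejects a placeholder in a column-name or ORDER BY position, so those parts cannot be parameterised and have to be validated instead. A Criteria version of the same query, as the reply suggests, is shown alongside. The Customer entity, its column names matching its property names, and the NHibernateHelper session accessor are assumptions.

```csharp
// Added example, not code from the original thread. Assumes a hypothetical mapped
// entity Customer whose column names equal its property names, and an ISession
// obtained via NHibernateHelper.GetCurrentSession() as in the question.
using System;
using System.Collections.Generic;
using NHibernate;
using NHibernate.Criterion;

public class Customer
{
    public virtual int Id { get; set; }
    public virtual string Name { get; set; }
    public virtual string Email { get; set; }
    public virtual string City { get; set; }
}

public static class CustomerSearch
{
    // Allow-list: client-supplied field name -> mapped property/column name.
    // Identifiers cannot be bound as parameters, so this lookup is what keeps
    // request input out of the column and ORDER BY positions of the query.
    private static readonly Dictionary<string, string> AllowedFields =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "name", "Name" }, { "email", "Email" }, { "city", "City" }
        };

    private static string ResolveField(string requested)
    {
        string property;
        if (requested == null || !AllowedFields.TryGetValue(requested.Trim(), out property))
            throw new ArgumentException("Field not allowed: " + requested);
        return property;
    }

    private static bool IsDescending(string sord)
    {
        return sord != null && sord.Trim().Equals("desc", StringComparison.OrdinalIgnoreCase);
    }

    // Native SQL version of the query from the question. Only fixed strings chosen
    // by the switch are formatted into the SQL; the search term is bound.
    public static IList<object[]> SearchSql(ISession session, string searchField,
        string searchOper, string searchString, string sidx, string sord)
    {
        string column = ResolveField(searchField);
        string orderColumn = ResolveField(sidx);
        string direction = IsDescending(sord) ? "desc" : "asc";

        string comparison;
        string term;
        switch (searchOper)
        {
            case "cn": comparison = "like"; term = "%" + searchString + "%"; break; // contains
            case "bw": comparison = "like"; term = searchString + "%"; break;       // begins with
            case "ew": comparison = "like"; term = "%" + searchString; break;       // ends with
            case "eq": comparison = "=";    term = searchString; break;             // equal
            default: throw new ArgumentException("Operator not allowed: " + searchOper);
        }

        string sql = string.Format(
            "select Id, Name, Email, City from Customer where lower({0}) {1} :term order by {2} {3}",
            column, comparison, orderColumn, direction);

        return session.CreateSQLQuery(sql)
            .SetString("term", term.ToLower()) // the only request-controlled string, passed as a parameter
            .List<object[]>();
    }

    // Criteria version, the approach suggested in the reply. Property names still
    // go through the allow-list; NHibernate binds the value itself.
    public static IList<Customer> SearchCriteria(ISession session, string searchField,
        string searchOper, string searchString, string sidx, string sord)
    {
        string property = ResolveField(searchField);
        string orderProperty = ResolveField(sidx);

        ICriterion filter;
        switch (searchOper)
        {
            case "cn": filter = Restrictions.InsensitiveLike(property, searchString, MatchMode.Anywhere); break;
            case "bw": filter = Restrictions.InsensitiveLike(property, searchString, MatchMode.Start); break;
            case "ew": filter = Restrictions.InsensitiveLike(property, searchString, MatchMode.End); break;
            case "eq": filter = Restrictions.Eq(property, searchString).IgnoreCase(); break;
            default: throw new ArgumentException("Operator not allowed: " + searchOper);
        }

        return session.CreateCriteria(typeof(Customer))
            .Add(filter)
            .AddOrder(IsDescending(sord) ? Order.Desc(orderProperty) : Order.Asc(orderProperty))
            .List<Customer>();
    }
}
```

Both methods throw on a field or operator outside the allow-list rather than falling back to a default, so a tampered request fails loudly and shows up in the error log instead of being silently reshaped. One remaining caveat with the `like` cases: `%` and `_` in the user's search string are still LIKE wildcards once bound, which is a matching and load concern rather than injection; escape them (or strip them) before building the term if the application should treat them literally.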
