Re: connection fails with sybase
Is your driver in the classpath? Dropping the driver .jar file into your TOMCAT_HOME\common\lib directory should work fine...

Regards

Bertulu Gianluca wrote:

Hi, I'm using ibatis 2.0 with sybase ASE 12.5, but the connection fails with this message:

Failed to queryForList - id [getModuli], parameterObject [null]. Cause: org.apache.commons.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.sybase.jdbc2.jdbc.SybDriver'

Here you can see my configuration:

SqlMapConfig.xml:

    <transactionManager type="JDBC">
      <dataSource type="JNDI">
        <property name="DataSource" value="java:comp/env/SYBASE_server"/>
      </dataSource>
    </transactionManager>

web.xml:

    <resource-ref>
      <res-ref-name>SYBASE_server</res-ref-name>
      <res-type>javax.sql.DataSource</res-type>
      <res-auth>Container</res-auth>
    </resource-ref>

server.xml:

    <Resource name="SYBASE_server" auth="Container" type="javax.sql.DataSource"/>
    <ResourceParams name="SYBASE_server">
      <parameter> <name>url</name> <value>jdbc:sybase:Tds:10.60.4.162:4100/SDG_DB</value> </parameter>
      <parameter> <name>driverClassName</name> <value>com.sybase.jdbc2.jdbc.SybDriver</value> </parameter>
      <parameter> <name>username</name> <value>sdguser</value> </parameter>
      <parameter> <name>password</name> <value>sdguserpwd</value> </parameter>
      <parameter> <name>maxIdle</name> <value>1</value> </parameter>
      <parameter> <name>maxActive</name> <value>3</value> </parameter>
      <parameter> <name>maxWait</name> <value>5000</value> </parameter>
    </ResourceParams>
    </Context>

Thank you in advance for your response

--
Guido García Bernardo - [EMAIL PROTECTED]
Tfn. +34 983 54 89 08
ITDEUSTO - Valladolid
Inline parameter
Hi

Is it possible to specify the MODE of a parameter (IN/OUT/INOUT) in an inline parameter? Currently I'm using a parameter map as input for a stored procedure call, but I'd rather use a parameterClass.

Thanks in advance

Leon van Tegelen

--
Leon van Tegelen
Cumquat Information Technology
De Dreef 19 3706 BR Zeist
Tel: +31 (0)30-6940490 Mob: 06-23704686 Fax: +31 (0)30-6940499
Email: [EMAIL PROTECTED]
Re: How to use type handler callbacks inside quiries?
Hi Martin,

Curiously this seems to not be well documented. At least, I couldn't find it in the DevGuide. You can do:

    #myProperty,handler=foo.bar.MyHandler#

According to mailing list archives, that should work.

Cheers,
Daniel Silva.

On 7/5/05, Zeltner Martin [EMAIL PROTECTED] wrote:

Once again. How do I have to use TypeHandlerCallbacks inside the #myProperty#? I DON'T want to use a separate parameter map only because I'm needing a type handler for one column! Thanks for your help in advance!

Cheers, Martin

-Original Message-
From: Clinton Begin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 5 July 2005 04:02
To: user-java@ibatis.apache.org; Daniel Henrique Ferreira e Silva
Subject: Re: How to use type handler callbacks inside quiries?

True Daniel, It's possible. But I do sympathize with Martin, as it currently is a pain in the butt. The biggest issue is that you have to ensure that the parameters line up exactly. That is, you need to ensure that all paths of the conditional results result in the exact same number and type of parameters. The design of parameter maps is shoddy at the moment (embarrassing for a 3 year old project). iBATIS 3.0 (or perhaps even 2.5) will use named parameters, much like Spring, O/R Broker and even ADO .NET (see, there is something to learn from the C# dudes! ;-)

Clinton

On 7/4/05, Daniel Henrique Ferreira e Silva [EMAIL PROTECTED] wrote:

Hi Martin, Why can't you use a parameter map in a dynamic statement? That _is_ possible in iBATIS. Just check the documentation.

Cheers, Daniel Silva.

On 7/4/05, Zeltner Martin [EMAIL PROTECTED] wrote:

Hi, How do I have to declare type handler callbacks inside #myData#? I can not use a parameter map, because my statement contains dynamic parts.

Thanks, Martin
RE: How to use type handler callbacks inside quiries?
Not sure I understand _exactly_ what you want, so just in case: Did you try

    <typeHandler javaType="MyTpe" callback="MyTypeHandler"/>

It works very well for me (as long as you have defined a TypeHandler for a specific class type of your own). It is documented in the wiki: http://opensource.atlassian.com/confluence/oss/display/IBATIS/How+do+I+use+a+Custom+Type+Handler+with+complex+property+or+Type+Safe+Enumeration%3F

Cheers
Jean-Francois

From: Zeltner Martin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 05, 2005 1:13 PM
To: 'user-java@ibatis.apache.org'
Subject: RE: How to use type handler callbacks inside quiries?

Once again. How do I have to use TypeHandlerCallbacks inside the #myProperty#? I DON'T want to use a separate parameter map only because I'm needing a type handler for one column! Thanks for your help in advance!

Cheers, Martin

-Original Message-
From: Clinton Begin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 5 July 2005 04:02
To: user-java@ibatis.apache.org; Daniel Henrique Ferreira e Silva
Subject: Re: How to use type handler callbacks inside quiries?

True Daniel, It's possible. But I do sympathize with Martin, as it currently is a pain in the butt. The biggest issue is that you have to ensure that the parameters line up exactly. That is, you need to ensure that all paths of the conditional results result in the exact same number and type of parameters. The design of parameter maps is shoddy at the moment (embarrassing for a 3 year old project). iBATIS 3.0 (or perhaps even 2.5) will use named parameters, much like Spring, O/R Broker and even ADO .NET (see, there is something to learn from the C# dudes! ;-)

Clinton

On 7/4/05, Daniel Henrique Ferreira e Silva [EMAIL PROTECTED] wrote:

Hi Martin, Why can't you use a parameter map in a dynamic statement? That _is_ possible in iBATIS. Just check the documentation.

Cheers, Daniel Silva.

On 7/4/05, Zeltner Martin [EMAIL PROTECTED] wrote:

Hi, How do I have to declare type handler callbacks inside #myData#? I can not use a parameter map, because my statement contains dynamic parts.

Thanks, Martin
Re: Inline parameter
I believe you can do something like this:

    #parmName,mode=OUT,jdbcType=NUMERIC#

but IMO, the real question is why? Inline parameters are a great shortcut, but if you have already created a working parameter map, why mess around trying to make it work with an inline one when you lose both flexibility and readability doing so?

Larry

On 7/5/05, Leon van Tegelen [EMAIL PROTECTED] wrote:

Hi

Is it possible to specify the MODE of a parameter (IN/OUT/INOUT) in an inline parameter? Currently I'm using a parameter map as input for a stored procedure call, but I'd rather use a parameterClass.

Thanks in advance

Leon van Tegelen

--
Leon van Tegelen
Cumquat Information Technology
De Dreef 19 3706 BR Zeist
Tel: +31 (0)30-6940490 Mob: 06-23704686 Fax: +31 (0)30-6940499
Email: [EMAIL PROTECTED]
Re: R: [HELP] Whether or not iBatis support SQL Injection?
Yes, it does pass the SQL directly to the driver, but unless you use the $$ syntax for parameters, you should be safe with iBATIS. The $$ syntax is the only part of iBATIS that allows string concatenation, which is the biggest source of SQL injection attacks.

If you are using a really crappy jdbc driver, you could have issues with it somehow botching things in its implementation of prepared statements, but I have not heard of a single case of that happening.

Larry

On 7/5/05, Fabrizio Gianneschi [EMAIL PROTECTED] wrote:

Since iBatis uses PreparedStatements a lot, it's safer than old school JDBC code, even if it's still vulnerable because it passes the SQL directly to the driver without checking, afaik. You can always use some good tricks to increase the robustness of your SQL, but... ...this type of checking is not responsibility of a SQL mapper layer like iBATIS. I think you should check your user input in higher server side layers, such as the presentation one; Struts Actions and/or ActionForms, for example.

Fab

From: Pham Anh Tuan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 5 July 2005 12.16
To: iBatis
Subject: [HELP] Whether or not iBatis support SQL Injection?

Hi all, I don't know whether or not iBatis support checking SQL Injection or not ? plz help me :)

Pham
Re: [HELP] Whether or not iBatis support SQL Injection?
If you are using the #myProperty# delimiters you need not worry about sql injection. If you use the $myProperty$ literals you would need to guard against sql injection on your own.

Brandon.

On 7/5/05, Pham Anh Tuan [EMAIL PROTECTED] wrote:

Hi all, I don't know whether or not iBatis support checking SQL Injection or not ? plz help me :)

Pham
Re: Advantage of Map over Bean as a parameterObject?
okay, since everyone else is chiming in... I'll add to Tim's point. Even if you are using your returned data in a read only format you may also want to perform calculations on the results. With maps you cannot predict what type will be returned by the driver. This results in something like a BigInteger being returned where you expected an Integer. Granted, you can cure this on the resultmap. But, if you are willing to do that... why not simply make it a bean :)

Brandon

On 7/5/05, Chen, Tim [EMAIL PROTECTED] wrote:

A sports car that transforms into a bicycle? I want one of those. Women love transformers.

Advantage of maps over beans is that it's a simple way to get data that you don't care about manipulating or handling. For example displayed tables that are not editable. If I wanted to see a list of all flights for an airline for example it is simple and easy to hold them as a map keyed by cities and values of collections of destinations. From there you can hold the values of destinations as a hashmap of maybe:

    City:SomeCity
    Price:SomePrice
    DepartTime:SomeTime
    ArrivalTime:SomeOtherTime

Which is fine if you are doing it solely for display purposes but if you are thinking of using it for updating/inserting as well. A javabean allows you to hold any business rules, type cast, validate values, and (very important imo) allows another developer to not have to search thru lines of code to figure out what exactly you are holding in a map which can severely cut down on development/maintenance time.

Just my 2 cents (now I have to wait that much longer to get my transforming sports car/bike)

From: Clinton Begin [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 03, 2005 11:08 AM
To: user-java@ibatis.apache.org
Subject: Re: Advantage of Map over Bean as a parameterObject?

You don't have to change or maintain it.

That's an exaggeration. All software requires maintenance, perhaps Maps require less...but the end result is less as well. A bicycle requires less maintenance than a sports car too...but I know what I'm driving home from work. ;-)

Cheers, Clinton

On 7/3/05, netsql [EMAIL PROTECTED] wrote:

1) You don't have to write a JavaBean class. ;-)

2nd one: 2) You don't have to change or maintain it. As project evolves and front end and back end evolve... there is no maintenance or CRUFT or duplication. I used to do beans for many years. Then I started w/ Groovy, CoR, C#, Flash, etc... They all are Map and Collections based. Even when I make a JTable it needs a collection. In my case, I have no needs for a bean. All my API only takes Map args and sometimes return Lists. (A silly little varargs). After all how often do you get a class cast exception!

.V
Re: Advantage of Map over Bean as a parameterObject?
Sort of on a tangent, but unfortunately reporting tools are usually created for handling generic collections that aren't tied to a specific domain model and for having calcs or other really intensive processes be handled by the db (unless it's a really simple calc or quick report). The dynamic SQL strengths of iBATIS can be quite useful in creating ad hoc queries off of a star schema.

Roberto
RE: Countng Rows - UPDATE
In the JAVA part I switched count = (Integer) queryForObject(searchCountAvatar, parameterObject); FOR count = (Integer) getObject(searchCountAvatar, parameterObject); Thanks all.. From: Clinton Begin [mailto:[EMAIL PROTECTED] Sent: Monday, July 04, 2005 12:37 AM To: user-java@ibatis.apache.org Subject: Re: Countng Rows Interesting. It looks like the CCE is coming from a bad transaction implementation. Here's the line it's popping on... SqlMapDaoTransaction trans = (SqlMapDaoTransaction) daoManager.getTransaction(this); So the transaction implementation is not an instance of SqlMapDaoTransaction. What transaction manager are you using (i.e can you post your DAO config)? Cheers, Clinton On 7/3/05, Folashade Adeyosoye [EMAIL PROTECTED] wrote: I have quick question please I am trying to run a select count(*) and seem to be getting a ClassCast Exception here is the code. I think it might be related to the Integer been returned. Any help would be appreciated. Thanks (XML) // ADMIN ROLE: count all members that have an avatar // MEMBER ROLE : count all members that have an avatar if member status is ACTIVE statement id=searchCountAvatar resultClass=java.lang.Integer parameterClass=memberObject SELECT COUNT(*) FROM FGC_MEMBERS where MemberAvatar != #memberAvatar# dynamic prepend=where isEqual prepend=and property=memberRole compareValue=MEMBER MemberStatus = #memberID# /isEqual /dynamic /statement (JAVA) public int searchCountAvatar(String role) throws DaoException{ IMember mem = new MemberImpl(); Object parameterObject = null; //int count = 0; Integer count; try { mem.setMemberAvatar(FGCConstants.BLANK); mem.setMemberRole(role); // role == MEMBER or ADMIN mem.setMemberStatus(FGCConstants.ACCOUNT_ACTIVE); parameterObject = mem; count = (Integer) queryForObject(searchCountAvatar, parameterObject); } catch (DaoException sqlEx) { logger.fatal(DaoException Error. 
+ sqlEx.getMessage()); throw new DaoException(sqlEx.getMessage()); } return ((Integer)count).intValue(); //return count; } EXCEPTION === Starting testSearchCountAvatar == INFO [2005-Jul-03 21:36:59] - sqlmapdao.BaseSqlMapDao(BaseSqlMapDao.java:30) - BaseSqlMapDao static block starting... DEBUG[2005-Jul-03 21:36:59] - sqlmapdao.BaseSqlMapDao(BaseSqlMapDao.java:33) - reader = [EMAIL PROTECTED] DEBUG[2005-Jul-03 21:37:00] - sqlmapdao.BaseSqlMapDao(BaseSqlMapDao.java:35) - sqlMap = [EMAIL PROTECTED] INFO [2005-Jul-03 21:37:00] - sqlmapdao.BaseSqlMapDao(BaseSqlMapDao.java:37) - BaseSqlMapDao static block finished... DEBUG[2005-Jul-03 21:37:07] - jdbc.SimpleDataSource(SimpleDataSource.java:579) - Created connection 6400263. DEBUG[2005-Jul-03 21:37:07] - sql.Connection(ConnectionLogProxy.java:42) - {conn-10} Connection DEBUG[2005-Jul-03 21:37:13] - jdbc.SimpleDataSource(SimpleDataSource.java:527) - Returned connection 6400263 to pool. java.lang.ClassCastException at com.ibatis.dao.client.template.SqlMapDaoTemplate.getSqlMapExecutor(SqlMapDaoTemplate.java:60) at com.ibatis.dao.client.template.SqlMapDaoTemplate.queryForObject(SqlMapDaoTemplate.java:162) at net.naijatek.fgconline.persistence.sqlmapdao.IbatisMemberDAO.searchCountAvatar(IbatisMemberDAO.java:3358) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at com.ibatis.dao.engine.impl.DaoProxy.invoke(DaoProxy.java:72) at $Proxy0.searchCountAvatar(Unknown Source) at net.naijatek.fgconline.service.FGCServiceImpl.searchCountAvatar(FGCServiceImpl.java:1269) at net.naijatek.fgconline.framework.FgcDriver.testSearchCountAvatar(FgcDriver.java:98) at net.naijatek.fgconline.framework.FgcDriver.main(FgcDriver.java:66) Hit uncaught exception com.ibatis.dao.client.DaoException 
com.ibatis.dao.client.DaoException at net.naijatek.fgconline.framework.FgcDriver.main(FgcDriver.java:78)
Re: Advantage of Map over Bean as a parameterObject?
My 2 cents...your mileage may vary.

We use maps exclusively. I'm sure that custom beans perform better, but I doubt that would make any noticeable difference to an end user - in my experience the real performance killers in web apps are network latency and having to use a low function, browser based, user interface. iBATIS is an awesome tool but it can't solve those problems - unfortunately :-)

We wrote a subclass of HashMap that handles common housekeeping things like string trimming and data type transformations (BigInteger--Long, etc.). We use that class as the result class for all our queries.

In our situation, I don't see the value of adding lots (it would be hundreds) of additional classes to our application that are basically just DTOs. I say this because our DB model is a far far different thing than our object model and our mapping layer has to do transformations of the DB objects into our domain objects somehow - either from maps, or custom beans. This DB design is not under our control (separate DBA group, political silos, etc.) - hence the vast difference in the models. If I had more control over the database design I might feel differently - but I might use a more full function O-R mapper in that case too.

Before we used iBATIS, we used a home grown DAO framework that would automagically generate CRUD methods and classes given a database schema. I even wrote a tool to generate the same stuff for iBATIS at one point. But we eventually decided that all the extra classes and generic CRUD methods provided very little actual value to our application - so we canned them all.

Jeff Butler
Caused by: com.ibatis.sqlmap.client.SqlMapException: Unrecognized parameter mapping field
Hi I am not sure why i am getting the above error, is there a way to debug it. I am going to paste my xml file definiation here, I am sure this SQL statement works the error i am getting is as below Caused by: com.ibatis.sqlmap.client.SqlMapException: Unrecognized parameter mapping field: ' F.P813NAME AS P813NAME' in AS BP2FAX, F.P813NAME AS P813NAME, F.P813PHON AS P813PHON, G.P830DESC AS P830DESC, A.PCSHPV AS PCSHPV, A.PCFRGT AS PCFRGT, A.PCORIG AS PCORIG, A.PCCURR AS PCCURR, A.PCEXCG AS PCEXCG, A.PCBUYR AS PCBUYR, A.PCBLOR AS PCBLOR, A.PCSRCE AS PCSRCE, A.PCVALU AS PCVALU, A.PCAKDT AS PCAKDT, A.PCVNDT AS PCVNDT, A.PCFXDT AS PCFXDT, A.PCINDT AS PCINDT, A.PCSPN1 AS PCSPN1, A.PCSPN2 AS PCSPN2, A.PCSPN3 AS PCSPN3, A.PCENDU AS PCENDU, A.PCUSF1 AS PCUSF1, A.PCUSF2 AS PCUSF2, A.PCUSF3 AS PCUSF3, A.PCSTAT AS PCSTAT, A.PCCANC AS PCCANC, A.PCVER my sql statement is as below SELECT A.PCPORD AS PCPORD , A.PCVALU AS PCVALU , A.PCPTYP AS PCPTYP , A.PCODAT AS PCODAT , A.PCVNDR AS PCVNDR , A.PCINVV AS PCINVV, A.PCSHPT AS PCSHPT, A.PCBILT AS PCBILT, A.PCCONF AS PCCONF, A.PCROUT AS PCROUT, A.PCASTA AS PCASTA, A.PCAPVU AS PCAPVU, A.PCAPVD AS PCAPVD, A.PCAPVT AS PCAPVT, A.PCPAYT AS PCPAYT, A.PCDISC AS PCDISC, C.P2FAX# AS BP2FAX, F.P813NAME AS P813NAME, F.P813PHON AS P813PHON, G.P830DESC AS P830DESC, A.PCSHPV AS PCSHPV, A.PCFRGT AS PCFRGT, A.PCORIG AS PCORIG, A.PCCURR AS PCCURR, A.PCEXCG AS PCEXCG, A.PCBUYR AS PCBUYR, A.PCBLOR AS PCBLOR, A.PCSRCE AS PCSRCE, A.PCVALU AS PCVALU, A.PCAKDT AS PCAKDT, A.PCVNDT AS PCVNDT, A.PCFXDT AS PCFXDT, A.PCINDT AS PCINDT, A.PCSPN1 AS PCSPN1, A.PCSPN2 AS PCSPN2, A.PCSPN3 AS PCSPN3, A.PCENDU AS PCENDU, A.PCUSF1 AS PCUSF1, A.PCUSF2 AS PCUSF2, A.PCUSF3 AS PCUSF3, A.PCSTAT AS PCSTAT, A.PCCANC AS PCCANC, A.PCVER# AS PCVER, A.PCINCO AS PCINCO, A.PCDATE AS PCDATE, A.PCTIME AS PCTIME, A.PCUSER AS PCUSER, H.P1NAME AS VP1NAME , H.P1ADR1 AS VP1ADR1 , H.P1ADR2 AS VP1ADR2 , H.P1ADR3 AS VP1ADR3 , H.P1COUN AS VP1COUN , H.P1PROV AS VP1PROV , H.P1CITY AS VP1CITY , 
H.P1STE AS VP1STE , H.P1CTRY AS VP1CTRY , H.P1ZIP AS VP1ZIP , H.P1TEL# AS VP1TEL , H.P1FAX# AS VP1FAX , H.P1MAIL AS VP1MAIL , H.P1CONT AS VP1CONT , A.PCSHPT AS PCSHPT, B.P2NAME AS SNAME, B.P2ADR1 AS SP2ADR1, B.P2ADR2 AS SP2ADR2, B.P2CITY AS SP2CITY, B.P2STE AS SP2STE , B.P2ZIP AS SP2ZIP , B.P2ATTN AS SP2ATTN, B.P2PHON AS SP2PHON, B.P2FAX# AS SP2FAX, C.P2NAME AS BNAME, C.P2ADR1 AS BP2ADR1, C.P2ADR2 AS BP2ADR2, C.P2CITY AS BP2CITY, C.P2STE AS BP2STE , C.P2ZIP AS BP2ZIP , C.P2ATTN AS BP2ATTN, C.P2PHON AS BP2PHON, D.P832DESC AS P832DESC, E.P834DESC AS P834DESC, J.PDLINE AS PDLINE , J.PDITEM AS PDITEM , K.M0DESC AS M0DESC , J.PDPUME AS PDPUME , J.PDREQ AS PDREQ , J.PDRQRD AS PDRQRD , J.PDRQST AS PDRQST, J.PDSETP AS PDSETP , J.PDQTYP AS PDQTYP , J.PDPRCE AS PDPRCE, I.SENAME AS SENAME, L.C803CNAM AS C803NAM, L.C803GSDS AS C803GSDS, M.P804DESC AS P804DESC, N.P039PORD AS P039PORD, N.P039POLN AS P039POLN, N.P039DSLN AS P039DSLN, N.P039QTY AS P039QTY , N.P039SHIP AS P039SHIP, N.P039DELV AS P039DELV, N.P039REQ AS P039REQ , N.P039COMM AS P039COMM, P.P2NAME AS PBNAME, P.P2ADR1 AS PBP2ADR1, P.P2ADR2 AS PBP2ADR2, P.P2CITY AS PBP2CITY, P.P2STE AS PBP2STE , P.P2ZIP AS PBP2ZIP , P.P2ATTN AS PBP2ATTN, P.P2PHON AS PBP2PHON, P.P2FAX# AS PBP2FAX, Q.P2NAME AS QBNAME, Q.P2ADR1 AS QBP2ADR1, Q.P2ADR2 AS QBP2ADR2, Q.P2CITY AS QBP2CITY, Q.P2STE AS QBP2STE , Q.P2ZIP AS QBP2ZIP , Q.P2ATTN AS QBP2ATTN, Q.P2PHON AS QBP2PHON, Q.P2FAX# AS QBP2FAX, R.SENAME AS RSENAME, S.SENAME AS SSENAME FROM Pu1012 A left join pu1002 B on A.PcShpt = B.P2code ) Left join Pu1002 C on A.PcBilt = C.P2code ) Left Join Pu1832 D on A.PcShpv = D.P832Code ) Left join Pu1834 E on A.PcFRGT = E.P834Code ) Left join PU1813 F on A.PCBUYR = F.P813Code) Left join PU1830 G on A.PCPAYT = G.P830Code) Left join PU1001 H on A.PCVNDR = H.P1VNDR)Left join SE1001 I on A.PCAPVU = I.SEUSID)Left join CF1803C L on A.PCCOMP = L.C803COMP) Left join PU1804 M on
Re: Caused by: com.ibatis.sqlmap.client.SqlMapException: Unrecognized parameter mapping field
Any fields with # in them need to be escaped with ## A.PCVER# AS PCVER, - should be - A.PCVER## AS PCVER, ..and... WHERE A.Pcpord = VALUE# - should be - WHERE A.Pcpord = #VALUE# What db is this? That is a freaky looking join with all the in there. Larry On 7/5/05, Ashish Kulkarni [EMAIL PROTECTED] wrote: Hi I am not sure why i am getting the above error, is there a way to debug it. I am going to paste my xml file definiation here, I am sure this SQL statement works the error i am getting is as below Caused by: com.ibatis.sqlmap.client.SqlMapException: Unrecognized parameter mapping field: ' F.P813NAME AS P813NAME' in AS BP2FAX, F.P813NAME AS P813NAME, F.P813PHON AS P813PHON, G.P830DESC AS P830DESC, A.PCSHPV AS PCSHPV, A.PCFRGT AS PCFRGT, A.PCORIG AS PCORIG, A.PCCURR AS PCCURR, A.PCEXCG AS PCEXCG, A.PCBUYR AS PCBUYR, A.PCBLOR AS PCBLOR, A.PCSRCE AS PCSRCE, A.PCVALU AS PCVALU, A.PCAKDT AS PCAKDT, A.PCVNDT AS PCVNDT, A.PCFXDT AS PCFXDT, A.PCINDT AS PCINDT, A.PCSPN1 AS PCSPN1, A.PCSPN2 AS PCSPN2, A.PCSPN3 AS PCSPN3, A.PCENDU AS PCENDU, A.PCUSF1 AS PCUSF1, A.PCUSF2 AS PCUSF2, A.PCUSF3 AS PCUSF3, A.PCSTAT AS PCSTAT, A.PCCANC AS PCCANC, A.PCVER my sql statement is as below SELECT A.PCPORD AS PCPORD , A.PCVALU AS PCVALU , A.PCPTYP AS PCPTYP , A.PCODAT AS PCODAT , A.PCVNDR AS PCVNDR , A.PCINVV AS PCINVV, A.PCSHPT AS PCSHPT, A.PCBILT AS PCBILT, A.PCCONF AS PCCONF, A.PCROUT AS PCROUT, A.PCASTA AS PCASTA, A.PCAPVU AS PCAPVU, A.PCAPVD AS PCAPVD, A.PCAPVT AS PCAPVT, A.PCPAYT AS PCPAYT, A.PCDISC AS PCDISC, C.P2FAX# AS BP2FAX, F.P813NAME AS P813NAME, F.P813PHON AS P813PHON, G.P830DESC AS P830DESC, A.PCSHPV AS PCSHPV, A.PCFRGT AS PCFRGT, A.PCORIG AS PCORIG, A.PCCURR AS PCCURR, A.PCEXCG AS PCEXCG, A.PCBUYR AS PCBUYR, A.PCBLOR AS PCBLOR, A.PCSRCE AS PCSRCE, A.PCVALU AS PCVALU, A.PCAKDT AS PCAKDT, A.PCVNDT AS PCVNDT, A.PCFXDT AS PCFXDT, A.PCINDT AS PCINDT, A.PCSPN1 AS PCSPN1, A.PCSPN2 AS PCSPN2, A.PCSPN3 AS PCSPN3, A.PCENDU AS PCENDU, A.PCUSF1 AS PCUSF1, A.PCUSF2 AS PCUSF2, A.PCUSF3 
AS PCUSF3, A.PCSTAT AS PCSTAT, A.PCCANC AS PCCANC, A.PCVER# AS PCVER, A.PCINCO AS PCINCO, A.PCDATE AS PCDATE, A.PCTIME AS PCTIME, A.PCUSER AS PCUSER, H.P1NAME AS VP1NAME , H.P1ADR1 AS VP1ADR1 , H.P1ADR2 AS VP1ADR2 , H.P1ADR3 AS VP1ADR3 , H.P1COUN AS VP1COUN , H.P1PROV AS VP1PROV , H.P1CITY AS VP1CITY , H.P1STE AS VP1STE , H.P1CTRY AS VP1CTRY , H.P1ZIP AS VP1ZIP , H.P1TEL# AS VP1TEL , H.P1FAX# AS VP1FAX , H.P1MAIL AS VP1MAIL , H.P1CONT AS VP1CONT , A.PCSHPT AS PCSHPT, B.P2NAME AS SNAME, B.P2ADR1 AS SP2ADR1, B.P2ADR2 AS SP2ADR2, B.P2CITY AS SP2CITY, B.P2STE AS SP2STE , B.P2ZIP AS SP2ZIP , B.P2ATTN AS SP2ATTN, B.P2PHON AS SP2PHON, B.P2FAX# AS SP2FAX, C.P2NAME AS BNAME, C.P2ADR1 AS BP2ADR1, C.P2ADR2 AS BP2ADR2, C.P2CITY AS BP2CITY, C.P2STE AS BP2STE , C.P2ZIP AS BP2ZIP , C.P2ATTN AS BP2ATTN, C.P2PHON AS BP2PHON, D.P832DESC AS P832DESC, E.P834DESC AS P834DESC, J.PDLINE AS PDLINE , J.PDITEM AS PDITEM , K.M0DESC AS M0DESC , J.PDPUME AS PDPUME , J.PDREQ AS PDREQ , J.PDRQRD AS PDRQRD , J.PDRQST AS PDRQST, J.PDSETP AS PDSETP , J.PDQTYP AS PDQTYP , J.PDPRCE AS PDPRCE, I.SENAME AS SENAME, L.C803CNAM AS C803NAM, L.C803GSDS AS C803GSDS, M.P804DESC AS P804DESC, N.P039PORD AS P039PORD, N.P039POLN AS P039POLN, N.P039DSLN AS P039DSLN, N.P039QTY AS P039QTY , N.P039SHIP AS P039SHIP, N.P039DELV AS P039DELV, N.P039REQ AS P039REQ , N.P039COMM AS P039COMM, P.P2NAME AS PBNAME, P.P2ADR1 AS PBP2ADR1, P.P2ADR2 AS PBP2ADR2, P.P2CITY AS PBP2CITY, P.P2STE AS PBP2STE , P.P2ZIP AS PBP2ZIP , P.P2ATTN AS PBP2ATTN, P.P2PHON AS PBP2PHON, P.P2FAX# AS PBP2FAX, Q.P2NAME AS QBNAME, Q.P2ADR1 AS QBP2ADR1, Q.P2ADR2 AS QBP2ADR2, Q.P2CITY AS QBP2CITY, Q.P2STE AS QBP2STE , Q.P2ZIP AS QBP2ZIP , Q.P2ATTN AS QBP2ATTN, Q.P2PHON AS QBP2PHON, Q.P2FAX# AS QBP2FAX, R.SENAME AS RSENAME, S.SENAME AS SSENAME FROM Pu1012 A left join pu1002 B on A.PcShpt = B.P2code ) Left join Pu1002 C on A.PcBilt = C.P2code ) Left Join Pu1832 D on A.PcShpv = D.P832Code ) Left join Pu1834 E on A.PcFRGT = E.P834Code ) Left join PU1813 F on 
A.PCBUYR = F.P813Code) Left join PU1830 G on A.PCPAYT = G.P830Code) Left join PU1001 H on A.PCVNDR = H.P1VNDR)Left join SE1001 I on A.PCAPVU = I.SEUSID)Left join CF1803C L on A.PCCOMP = L.C803COMP) Left join PU1804 M on A.PCptyp = M.p804code) Left join pu1013 J on A.pcpord = J.pdpord)Left join pu1039 N on J.pdpord =
Multiple Database Best Practices
Is there a recommended best practice for handling an application that connects to multiple databases? Is it as simple as maintaining multiple sets of dao.xml and sql-config.xml files?
Re: Multiple Database Best Practices
You're right about the multiple SqlMapConfig.xml files, but you need only one dao.xml file, as DAO supports multiple datasources.

Cheers, Clinton

On 7/5/05, Mitchell, Steven C [EMAIL PROTECTED] wrote:

Is there a recommended best practice for handling an application that connects to multiple databases? Is it as simple as maintaining multiple sets of dao.xml and sql-config.xml files?
Re: [HELP] Whether or not iBatis support SQL Injection?
When you use this:

    <select id="good" resultMap="myResultMap">
      select * from foo where id = #value#
    </select>

...and call it like this:

    MyBean b = (MyBean)sqlMap.queryForObject("good", new Integer(1));

...iBATIS creates a prepared statement, so the SQL that goes to the database is:

    select * from foo where id = ?

...then a second parameter is sent to the driver to tell it that the value of the ? placeholder is 1. The parameter 1 is not used to modify the SQL.

However, when you use this:

    <select id="bad" resultMap="myResultMap">
      select * from foo where id = $value$
    </select>

...and call it like this:

    MyBean b = (MyBean)sqlMap.queryForObject("bad", new Integer(1));

...iBATIS creates a prepared statement, but the SQL that goes to the database is:

    select * from foo where id = 1

...so the object passed in (the Integer in this case) is used to modify the SQL that is executed. This is where the danger is.

Let's say instead of an integer, a String was passed in from a web page and the input was not checked. If the string was "1", that would be just fine. However, a user could send a string like this: "1;drop table foo;--", and instead of the query above, you would get this:

    select * from foo where id = 1;drop table foo;--

Oops! what happened to the foo table?

If you can use the ## syntax, do.

Larry

On 7/5/05, Pham Anh Tuan [EMAIL PROTECTED] wrote:

oh, thanks all you :) but I don't understand clearly why when we use ## is more safe than using $$. Is there any special things in using ## ??? help me!

- Original Message -
From: Brandon Goodin [EMAIL PROTECTED]
To: user-java@ibatis.apache.org
Sent: Tuesday, July 05, 2005 8:54 PM
Subject: Re: [HELP] Whether or not iBatis support SQL Injection?

If you are using the #myProperty# delimiters you need not worry about sql injection. If you use the $myProperty$ literals you would need to guard against sql injection on your own.

Brandon.
On 7/5/05, Pham Anh Tuan [EMAIL PROTECTED] wrote: Hi all, I don't know whether or not iBatis support checking SQL Injection or not ? plz help me :) Pham
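
The difference between #value# and $value$ described in the reply above, as an added example that is not part of the original thread and is not iBATIS code: a small Python model of the two inline styles, run against an in-memory SQLite table with the same string the post uses. The render helper, the sample rows in foo, the use of executescript() to stand in for a driver that accepts stacked statements, and the allow-list guard for $...$ (which goes beyond the case in the post) are assumptions of this example.

```python
import re
import sqlite3

# Simplified model of the two inline styles discussed in the thread:
#   #name#  -> "?" placeholder; the value travels to the driver separately
#   $name$  -> the value's text is spliced into the SQL string
TOKEN = re.compile(r"#(\w+)#|\$(\w+)\$")


def render(statement, params):
    """Return (sql, bind_values) as they would be handed to the driver."""
    binds = []

    def substitute(match):
        bound, spliced = match.group(1), match.group(2)
        if bound is not None:
            binds.append(params[bound])
            return "?"
        return str(params[spliced])

    return TOKEN.sub(substitute, statement), binds


def fresh_db():
    """Constructed sample data: an in-memory table named foo, as in the post."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "create table foo (id integer, name text);"
        "insert into foo values (1, 'one'), (2, 'two');"
    )
    return db


def table_exists(db, name):
    row = db.execute(
        "select count(*) from sqlite_master where type = 'table' and name = ?",
        (name,),
    ).fetchone()
    return row[0] == 1


GOOD = "select * from foo where id = #value#"
BAD = "select * from foo where id = $value$"
PAYLOAD = "1;drop table foo;--"  # the unchecked string from the post


def run_good(db, value):
    sql, binds = render(GOOD, {"value": value})
    return sql, db.execute(sql, binds).fetchall()


def run_bad(db, value):
    sql, _ = render(BAD, {"value": value})
    # executescript() stands in for a driver that accepts stacked statements.
    db.executescript(sql)
    return sql


# Guarding $...$ yourself: a value that cannot be bound (a column name here)
# is checked against a fixed allow-list before it reaches the SQL text.
SORTABLE = {"id", "name"}


def run_sorted(db, column):
    if column not in SORTABLE:
        raise ValueError("unexpected sort column: %r" % (column,))
    sql, _ = render("select id, name from foo order by $column$ desc",
                    {"column": column})
    return db.execute(sql).fetchall()


if __name__ == "__main__":
    db = fresh_db()
    print(run_good(db, 1))
    print(run_good(db, PAYLOAD), "foo exists:", table_exists(db, "foo"))
    print(run_bad(db, PAYLOAD), "foo exists:", table_exists(db, "foo"))
    print(run_sorted(fresh_db(), "name"))
```

With the bound form the SQL text is identical for every input and the string is only ever compared as a value; with the spliced form the same string becomes part of the statement.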