That's a really bad idea, for several reasons. First and foremost, you open
yourself up to an SQL injection attack whenever you take a value from a
request parameter and embed it directly into a query string without at least
sanitizing it first. (In this particular case, you're protected by the fact
that the field is an int instead of a String. There may also be some
additional protection by using JPA instead of JDBC, but it's still bad
practice.) You really should be using named or positional parameters in your
query, like so:

Stripersist.getEntityManager()
    .createQuery("from Item where id = :id")
    .setParameter("id", id)
    .getSingleResult()

Secondly, when looking up an entity by its ID using JPA, you should use
EntityManager.find(..) to do so.

Stripersist.getEntityManager().find(Item.class, id)

And finally, you don't have to do any of this at all because Stripersist
will handle it for you if you set things up correctly. Declare your Item as
a field of your ActionBean (with getter and setter), pass in a parameter
with the same name as the Item property and the Item will magically appear,
thanks to Stripersist's TypeConverter.

private Item item;
public Item getItem() { return item; }
public void setItem(Item item) { this.item = item; }

@DefaultHandler
public Resolution view() {
    // No need to do anything. The item is already there!
    return new ForwardResolution(VIEW); // VIEW is the item_detail.jsp path from the original bean
}

If you pass in a request parameter item=123 then the Item entity with ID 123
will be there when your handler executes.

-Ben
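Added example, not code from the thread or from Stripes/Stripersist: a stand-alone Java program that puts the three lookups Ben describes side by side (concatenated JPQL, a bound named parameter, and EntityManager.find) and feeds the concatenated form a hostile request value so you can see the predicate get rewritten. It assumes JPA 2.x (javax.persistence), a persistence unit named "itemsPU" in META-INF/persistence.xml backed by any provider that accepts the "from Item" HQL shorthand used in the thread (e.g. Hibernate with an in-memory H2 database), and that the nested Item entity is registered in that unit. Stripersist.getEntityManager() would give you the same EntityManager inside an ActionBean; a plain main() is used here so it runs outside a servlet container.

```java
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Id;
import javax.persistence.NonUniqueResultException;
import javax.persistence.Persistence;

/**
 * Added example, not code from the mailing-list thread.
 * Assumes a persistence unit "itemsPU" (Hibernate + in-memory H2, or any
 * provider that accepts "from Item ..." HQL) with this Item entity registered.
 */
public class ItemLookupDemo {

    @Entity
    public static class Item {
        @Id private int id;              // int, as in the original bean
        private String name;
        protected Item() {}              // JPA requires a no-arg constructor
        Item(int id, String name) { this.id = id; this.name = name; }
        public int getId() { return id; }
        public String getName() { return name; }
    }

    /** The pattern from the thread: the request value becomes part of the query text. */
    static Item findByConcatenation(EntityManager em, String idFromRequest) {
        String jpql = "from Item where id = " + idFromRequest;   // injectable
        return em.createQuery(jpql, Item.class).getSingleResult();
    }

    /** Named parameter: the value is bound by the provider, never parsed as JPQL. */
    static Item findByNamedParameter(EntityManager em, int id) {
        return em.createQuery("from Item where id = :id", Item.class)
                 .setParameter("id", id)
                 .getSingleResult();
    }

    /** Primary-key lookup: no query text at all; checks the persistence context first. */
    static Item findByPrimaryKey(EntityManager em, int id) {
        return em.find(Item.class, id);          // returns null if absent, no exception
    }

    /** What a type converter does to a request parameter before it ever reaches a query. */
    static int parseId(String raw) {
        return Integer.parseInt(raw.trim());     // "1 or 1=1" -> NumberFormatException
    }

    public static void main(String[] args) {
        EntityManagerFactory emf = Persistence.createEntityManagerFactory("itemsPU");
        EntityManager em = emf.createEntityManager();
        try {
            em.getTransaction().begin();
            em.persist(new Item(1, "widget"));   // constructed sample rows
            em.persist(new Item(2, "gadget"));
            em.getTransaction().commit();

            String hostile = "1 or 1=1";         // what an attacker would put in ?id=

            try {
                findByConcatenation(em, hostile);
            } catch (NonUniqueResultException e) {
                // The predicate became "id = 1 or 1=1", so every row matched.
                System.out.println("concatenation: predicate rewritten, "
                        + e.getClass().getSimpleName());
            }

            try {
                findByNamedParameter(em, parseId(hostile));
            } catch (NumberFormatException e) {
                // Conversion failed, so no query was ever built from the hostile value.
                System.out.println("bound parameter: input rejected before the query ran");
            }

            System.out.println("find(1): " + findByPrimaryKey(em, 1).getName());
            System.out.println("find(99): " + findByPrimaryKey(em, 99));
        } finally {
            em.close();
            emf.close();
        }
    }
}
```

With an int field the type conversion step is what saves you, exactly as Ben notes; change the request-side type to String (or drop the conversion) and findByConcatenation hands the attacker control of the WHERE clause, while findByNamedParameter and findByPrimaryKey never let the value touch the query text at all. Under Jakarta EE 9 or later replace the javax.persistence imports with jakarta.persistence.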

On Fri, Mar 13, 2009 at 11:24 PM, AK <[email protected]> wrote:

> AK <ama-l...@...> writes:
> > I seem to be headed in the right direction, but am stuck figuring out how
> > to make a persistance call given a param being passed from the JSP.
> > Here's what I have:
> >
> > item_list.jsp
> > -------------
> > <s:link beanclass="org.stripesbook.quickstart.action.ItemDetailsActionBean">
> >       <s:param name="id" value="${item.id}"/>${item.name}
> > </s:link>
> >
> > In my action bean, I need to figure out how to take the item.id and use it
> > as a param to my query in my DefaultHandler.  Right now, I have something
> > hard-coded:
> >
> > ItemDetailsActionBean.java
> > --------------------------
> >       @DefaultHandler
> >       public Resolution view() {
> >       item = (Item)Stripersist.getEntityManager()
> >               .createQuery("from Item where id = 1").getSingleResult();
> >
> >               // forward to item_detail.jsp
> >           return new ForwardResolution(VIEW);
> >       }
>
> Here's a follow-up to how I got away from doing the hard-coding and got the
> param passed in:
>
> ItemDetailsActionBean.java
> --------------------------
>    ...
>    private Item item;
>    private int id;
>
>    @DefaultHandler
>    public Resolution view() {
>        item = (Item)Stripersist.getEntityManager()
>                        .createQuery("from Item where id = " + id).getSingleResult();
>    }
>
> The id parameter is passed into the action and I just use it to construct my
> query.
>
------------------------------------------------------------------------------
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users