Yeah, it's definitely handy for that.

Brandon

On Fri, May 15, 2009 at 4:08 PM, Alin Popa <alin.p...@gmail.com> wrote:
> Thanks Brandon,
>
> I didn't know if I need to pass the literal in a special way, but it
> seems that is pretty straightforward.
> Regarding public access to that literal, of course, it's a private
> place where this will be done.
> My need for that string substitution is to add dynamic pieces of SQL
> into already existing ones.
>
> On Sat, May 16, 2009 at 12:02 AM, Brandon Goodin
> <brandon.goo...@gmail.com> wrote:
> > There isn't much to say. $blah$ is a literal whereas #blah# will convert to
> > a ? for the prepared statement.
> >
> > say you have a property of id on Person and set its value to 1
> >
> > public class Person {
> >     private Integer id;
> >     //getter/setter
> > }
> >
> > If you use the following syntax in your mapped statement:
> > select name from person where id = #id#
> >
> > ibatis will convert the #id# to a ? for use in the prepared statement:
> > select name from person where id = ?
> >
> > if on the other hand you used the $id$ ibatis would pass the following to
> > the prepared statement
> > select name from person where id = 1
> >
> > The obvious caution here is that the $literal$ syntax should never be
> > utilized in a place that the public can alter it. You open yourself to SQL
> > injection risks. In other words don't take a value that is passed in from a
> > web page and assign it in your SQL as a literal.
> >
> > Brandon
> >
> > On Fri, May 15, 2009 at 3:52 PM, Alin Popa <alin.p...@gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> Is there a place where I can find some documentation/examples/links
> >> related to string substitution in ibatis? ($substitution$ thingy
> >> ....)
> >> In the official pdf documentation I didn't find anything about it;
> >> also google didn't help much.
> >>
> >> Thanks,
> >> Alin
>
> --
> Best Regards,
>
> Alin
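Added example, not part of the thread and not iBATIS code: a small Python model of the two placeholder styles described above, run against an in-memory SQLite table, plus an allowlist for the kind of dynamic SQL fragment mentioned in the reply. The function names, table contents and the sample hostile value are constructed for illustration.

```python
import re
import sqlite3

# Simplified model of the two placeholder styles: #name# and $name$.
PLACEHOLDER = re.compile(r"([#$])(\w+)\1")
# Allowlist of the only fragments a caller may select (hypothetical names).
SORT_COLUMNS = {"name": "name", "id": "id"}

def render(statement, params):
    """Return (sql, binds): $x$ is pasted in as text, #x# becomes a bound ?."""
    binds = []
    def sub(m):
        value = params[m.group(2)]
        if m.group(1) == "$":
            return str(value)      # literal: becomes part of the SQL text
        binds.append(value)        # parameter: travels separately from the SQL
        return "?"
    return PLACEHOLDER.sub(sub, statement), binds

def safe_sort(user_choice):
    """Map untrusted input to a fixed SQL fragment; reject anything else."""
    if user_choice not in SORT_COLUMNS:
        raise ValueError("unsupported sort column")
    return SORT_COLUMNS[user_choice]

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("create table person (id integer, name text)")
    db.executemany("insert into person values (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def query(db, statement, params):
    sql, binds = render(statement, params)
    return sql, db.execute(sql, binds).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "1 or 1=1"  # constructed value standing in for web-supplied input
    # Bound parameter: the value is compared as data, no row matches.
    print(query(db, "select name from person where id = #id#", {"id": hostile}))
    # Literal: the value rewrites the WHERE clause, every row comes back.
    print(query(db, "select name from person where id = $id$", {"id": hostile}))
    # Dynamic fragment chosen from the allowlist before it reaches $col$.
    print(query(db, "select name from person order by $col$", {"col": safe_sort("name")}))
```

The same pattern applies to any `$literal$` that carries a column name, sort direction or table name: choose the fragment from a fixed set in code and bind every value with `#param#`.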