The most common and safe (SQL injection) method is to continue to use
prepared statement parameters and create the value in Java.

In Java construct the String with a StringBuilder and then pass the value
into a normal iBatis parameter #{value}.

Nathan

On Mon, May 10, 2010 at 5:27 AM, masonka...@libero.it
<masonka...@libero.it> wrote:

> Hi,
>
> I'm using iBATIS 3.0 and I need help using special characters in XML mapping
> files.
> Thanks to iBATIS I switch between MySQL server and Apache Derby Embedded
> database easily, but I need to write a LIKE condition in a way compatible
> with both DBs.
>
> What I want to get is "like '%<value>%'", but in XML this creates some
> problems (% is a special character; I tried with CDATA but it doesn't work).
> At first I solved it in MySQL using the concat function concat('%',<value>,'%').
> This doesn't work with Apache Derby, because it doesn't support this kind
> of function.
> Can somebody help me write this expression in a way that works with both
> databases?
>
> Thanks.
>
>
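
The approach from the reply above, as an added example that is not code from the thread: the `%...%` pattern is built in Java with a StringBuilder and bound through a normal `#{...}` parameter, so the same mapper works on MySQL and Derby. The class name, statement id, table name and the choice of `!` as the escape character are assumptions made for illustration.

```java
import java.util.Objects;

// Added example: hypothetical helper, not part of iBATIS or of the thread.
public final class LikePatterns {

    // Escape character, declared in the SQL with ESCAPE '!'. Assumption: '!'
    // is used because it needs no quoting in MySQL or Derby string literals.
    private static final char ESC = '!';

    private LikePatterns() {}

    /** Returns %term% with any LIKE wildcards inside term made literal. */
    public static String contains(String term) {
        Objects.requireNonNull(term, "term");
        StringBuilder sb = new StringBuilder(term.length() + 2);
        sb.append('%');
        for (int i = 0; i < term.length(); i++) {
            char c = term.charAt(i);
            // Only %, _ and the escape character itself are prefixed, which is
            // what the ESCAPE clause accepts after the escape character.
            if (c == '%' || c == '_' || c == ESC) {
                sb.append(ESC);
            }
            sb.append(c);
        }
        return sb.append('%').toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain text, wildcards, and a quote.
        System.out.println(contains("smith"));
        System.out.println(contains("50%_off!"));
        System.out.println(contains("x' OR '1'='1"));
    }
}

/*
 Mapper XML (hypothetical statement id and table name):

   <select id="findByName" parameterType="string" resultType="map">
     SELECT * FROM person WHERE name LIKE #{pattern} ESCAPE '!'
   </select>

 #{pattern} is sent as a JDBC bind parameter, so the quote in the third
 sample is matched as data. Writing LIKE '%${value}%' instead would splice
 the text into the SQL string, which is what the reply advises against.
*/
```

Call the statement with `LikePatterns.contains(userInput)` as the parameter; no `%` appears in the XML at all.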
