If that's your query, you don't want to use escaping, you want to set this up 
as a prepared statement.

I'm not using Cayenne actively (still Hibernate here, don't know when or if I 
can switch), so I can only guess, but it would probably be something like
  Select something from table where value = :xxx
in the named query and
  namedQuery.bind('xxx', valueFromParameterInJava)
for the Java side.

Actually, the only use case where prepared statements aren't a vastly superior 
alternative is if you need to substitute a table or field name into your SQL. 
But that's not very useful unless you're doing something like phpMyAdmin. Or if 
you implement something like a query rewriting layer.

-----Original Message-----
From: Simran Narula [mailto:[email protected]] 
Sent: Tuesday, May 15, 2012 1:54 AM
To: [email protected]
Subject: RE: How to turn on escaping for named queries

Thanks for the reply, Andrus,

These are a bunch of select queries like the following:

<query name="getSomething" factory="org.apache.cayenne.map.SQLTemplateBuilder"
       root="data-map" root-name="MyApplicationMap">
    <property name="cayenne.GenericSelectQuery.fetchingDataRows" value="true"/>
    <sql><![CDATA[
        Select something from table where value = '${valueFromParameterInJava}'
    ]]></sql>
</query>

Following is what I am doing in Java..

// create new map parameters... and insert key value pairs...
NamedQuery query = new NamedQuery("getSomething", parameters);
List resultMaps = getDataContext().performQuery(query);
List<MyEntity> results = new ArrayList<MyEntity>();

..

I am looking to escape single quotes only ( ' ) 

Thanks


-----Original Message-----
From: Andrus Adamchik [mailto:[email protected]]
Sent: Monday, 14 May 2012 6:00 PM
To: [email protected]
Subject: Re: How to turn on escaping for named queries

Hi,

You do not indicate what type of queries you have (SelectQuery, SQLTemplate, 
etc?) Also could you give an example of what characters you'd like to escape? 
There is a good chance the answer will be to escape it manually, but I was 
wondering about the use case.

Andrus


On May 7, 2012, at 6:45 AM, Simran Narula wrote:
> Hi,
> 
> I have a bunch of named queries in my application.map.xml...
> 
> And cayenne does not seem to be escaping the parameter values when 
> these queries are executed
> 
> Is there a way I can SWITCH ON escaping for these named queries in cayenne or 
> is there no way and I will have to manually escape the parameter values 
> passed to these queries ??
> 
> Thanks
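
The advice in the first reply of this thread, as an added example that is not part of the original e-mails and is not Cayenne code: it uses Python's sqlite3 module as a stand-in to contrast the '${...}' style of pasting a value into the SQL text with a bound `:xxx` parameter, and shows the table-name case handled with an allowlist. The `customers` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

ALLOWED_TABLES = {"customers"}  # assumption: the only table callers may name


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, value TEXT)")
    db.executemany("INSERT INTO customers (value) VALUES (?)",
                   [("O'Brien",), ("Smith",)])
    return db


def lookup_substituted(db, value):
    """Like '${valueFromParameterInJava}': the value becomes part of the SQL text."""
    sql = "SELECT id FROM customers WHERE value = '%s'" % value
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        # A quote inside the value closed the string literal early.
        return "error: %s" % exc


def lookup_bound(db, value):
    """Like 'where value = :xxx': the value is sent separately from the SQL text."""
    sql = "SELECT id FROM customers WHERE value = :xxx"
    return [row[0] for row in db.execute(sql, {"xxx": value})]


def count_rows(db, table):
    """Table names cannot be bound, so check them against a fixed allowlist."""
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % table)
    return db.execute('SELECT COUNT(*) FROM "%s"' % table).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(lookup_substituted(db, "Smith"))    # works only while no quote appears
    print(lookup_substituted(db, "O'Brien"))  # statement no longer parses
    print(lookup_bound(db, "O'Brien"))        # quote is just data
    print(count_rows(db, "customers"))
```

With the bound form no escaping step is needed, because the quote never reaches the SQL parser as syntax.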
