2010/1/10 Leo Erlandsson <leo.erlands...@tyringe.com>:
>
> I would use an SQL Join in the iterator(int first, int count) method to get
> data from the associated table and return the data in the returned Domain
> Objects.
>
> You could also do an SQL Query for each result in your iterator() method,
> but that would give you 1+n SQL Queries instead of just 1.
>
> Also, note that your code has several Security Vulnerabilities as it is
> susceptible to SQL Injection Attacks (!!!!!) if you let the user specify the
> Filter String:
>
> String tmp = filter.getName();
> sql = "where name like '%" + tmp + "%'";
>
> Leo Erlandsson, M. Sc.

Can you give me an example?

this is only for test:
 String tmp = filter.getName();
 sql = "where name like '%" + tmp + "%'";
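
Added example, not part of the original thread or of Wicket: one way to write the query behind iterator(int first, int count) so that the filter is a bound parameter and the associated table is fetched with a single join. The class name, the person/address schema and the LIMIT/OFFSET paging syntax (MySQL, PostgreSQL, H2, SQLite) are assumptions, as is an already-open JDBC Connection.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class PersonDao {
    // Hypothetical schema: person(id, name, address_id), address(id, city).
    // The SQL text is a constant; user input never becomes part of it.
    private static final String QUERY =
        "SELECT p.name, a.city FROM person p "
      + "JOIN address a ON a.id = p.address_id "
      + "WHERE p.name LIKE ? ESCAPE '!' "
      + "ORDER BY p.name LIMIT ? OFFSET ?";

    /** Escape LIKE wildcards so the user's text is matched literally. */
    static String likePattern(String userInput) {
        if (userInput == null) {
            userInput = ""; // no filter: pattern becomes "%%", matching every name
        }
        String escaped = userInput
            .replace("!", "!!")   // escape the escape character first
            .replace("%", "!%")
            .replace("_", "!_");
        return "%" + escaped + "%";
    }

    /** One query per page: the join replaces the 1+n per-row lookups. */
    public static List<String[]> page(Connection con, String nameFilter,
                                      int first, int count) throws SQLException {
        List<String[]> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, likePattern(nameFilter)); // bound, never concatenated
            ps.setInt(2, count);
            ps.setInt(3, first);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(new String[] { rs.getString(1), rs.getString(2) });
                }
            }
        }
        return rows;
    }
}
```

A filter value such as a single quote followed by SQL text is sent to the database as data for the LIKE comparison, so it cannot change the statement; the size() method of the data provider would use the same WHERE clause with COUNT(*).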
