You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user-java@ibatis.apache.org by Heinrich Götzger <go...@gmx.de> on 2007/11/02 18:24:05 UTC
HowTo add parameter to part of regex in select
Hi,
is there a possibility to get following to run with iBATIS?
SELECT * FROM table WHERE
REGEXP_LIKE (id, '^(#id#)\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$')
(remark: this is not working)
or would I need to prepare the regexp in the java-part and use it like:
SELECT * FROM table WHERE
REGEXP_LIKE (id, #id#)
(remark: this is working)
Or in other words: can i get iBATIS to only get part of the regex passed
and add it to the rest of an existing expression or would I need to
build the complete expression in Java and pass it as a regular
(string-)parameter to iBATIS-Layer?
Thanks, cheers
Heinrich
Re: HowTo add parameter to part of regex in select
Posted by Heinrich Götzger <go...@gmx.de>.
Larry Meadors wrote:
> You could to this:
>
> SELECT *
>>FROM table
> WHERE REGEXP_LIKE (id, '^($id$)\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$$')
>
> Doing this will open you up to SQL injection, so if id = " ');drop
> table some_important_data; --", you'll be pissed.
>
> I'd build the regex in java code and pass it in that way.
Thanks for that hint, I'll follow it.
Heinrich
>
> Larry
>
>
> On 11/2/07, Heinrich Götzger <go...@gmx.de> wrote:
>> Hi,
>>
>> is there a possibility to get following to run with iBATIS?
>>
>> SELECT * FROM table WHERE
>> REGEXP_LIKE (id, '^(#id#)\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$')
>>
>> (remark: this is not working)
>>
>> or would I need to prepare the regexp in the java-part and use it like:
>>
>> SELECT * FROM table WHERE
>> REGEXP_LIKE (id, #id#)
>>
>> (remark: this is working)
>>
>> Or in other words: can i get iBATIS to only get part of the regex passed
>> and add it to the rest of an existing expression or would I need to
>> build the complete expression in Java and pass it as a regular
>> (string-)parameter to iBATIS-Layer?
>>
>> Thanks, cheers
>>
>> Heinrich
>>
>
Re: HowTo add parameter to part of regex in select
Posted by Larry Meadors <lm...@apache.org>.
You could to this:
SELECT *
FROM table
WHERE REGEXP_LIKE (id, '^($id$)\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$$')
Doing this will open you up to SQL injection, so if id = " ');drop
table some_important_data; --", you'll be pissed.
I'd build the regex in java code and pass it in that way.
Larry
On 11/2/07, Heinrich Götzger <go...@gmx.de> wrote:
> Hi,
>
> is there a possibility to get following to run with iBATIS?
>
> SELECT * FROM table WHERE
> REGEXP_LIKE (id, '^(#id#)\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$')
>
> (remark: this is not working)
>
> or would I need to prepare the regexp in the java-part and use it like:
>
> SELECT * FROM table WHERE
> REGEXP_LIKE (id, #id#)
>
> (remark: this is working)
>
> Or in other words: can i get iBATIS to only get part of the regex passed
> and add it to the rest of an existing expression or would I need to
> build the complete expression in Java and pass it as a regular
> (string-)parameter to iBATIS-Layer?
>
> Thanks, cheers
>
> Heinrich
>
Re: HowTo add parameter to part of regex in select
Posted by Heinrich Götzger <go...@gmx.de>.
Dave,
Dave.Derry@Equifax.com wrote:
> I'm far from being an expert, so I could be *way* off here. But I suspect
> that the quoted string is what's causing problems with the variable
> replacement. Maybe string concatenation would work; something like
>
> SELECT * FROM table WHERE
> REGEXP_LIKE (id, '^(' || #id# ||
> ')\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$')
interesting idea, but on a short and quick test, it didn't work out.
This may not be final.
Thanks anyway.
cheers
Heinrich
>
> Dave
>
> We must begin not just to act, but to think, for there is no better slave
> than the one who believes his slavery to be freedom, and we are in
> no greater peril than when we cannot see the chains on our minds
> because there are yet no chains on our feet.
> -- Michael Reid
>
>
>
>
>
> Heinrich Götzger
> <go...@gmx.de>
> To
> 11/02/2007 01:24 user-java@ibatis.apache.org
> PM cc
>
> Subject
> Please respond to HowTo add parameter to part of
> user-java@ibatis. regex in select
> apache.org
>
>
>
>
>
>
>
>
>
> Hi,
>
> is there a possibility to get following to run with iBATIS?
>
> SELECT * FROM table WHERE
> REGEXP_LIKE (id,
> '^(#id#)\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$')
>
> (remark: this is not working)
>
> or would I need to prepare the regexp in the java-part and use it like:
>
> SELECT * FROM table WHERE
> REGEXP_LIKE (id, #id#)
>
> (remark: this is working)
>
> Or in other words: can i get iBATIS to only get part of the regex passed
> and add it to the rest of an existing expression or would I need to
> build the complete expression in Java and pass it as a regular
> (string-)parameter to iBATIS-Layer?
>
> Thanks, cheers
>
> Heinrich
>
>
>
Re: HowTo add parameter to part of regex in select
Posted by Da...@Equifax.com.
I'm far from being an expert, so I could be *way* off here. But I suspect
that the quoted string is what's causing problems with the variable
replacement. Maybe string concatenation would work; something like
SELECT * FROM table WHERE
REGEXP_LIKE (id, '^(' || #id# ||
')\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$')
Dave
We must begin not just to act, but to think, for there is no better slave
than the one who believes his slavery to be freedom, and we are in
no greater peril than when we cannot see the chains on our minds
because there are yet no chains on our feet.
-- Michael Reid
Heinrich Götzger
<go...@gmx.de>
To
11/02/2007 01:24 user-java@ibatis.apache.org
PM cc
Subject
Please respond to HowTo add parameter to part of
user-java@ibatis. regex in select
apache.org
Hi,
is there a possibility to get following to run with iBATIS?
SELECT * FROM table WHERE
REGEXP_LIKE (id,
'^(#id#)\-[0]{4}[0-9][0-9][A-Z][0-9]{2}[A-Z]$')
(remark: this is not working)
or would I need to prepare the regexp in the java-part and use it like:
SELECT * FROM table WHERE
REGEXP_LIKE (id, #id#)
(remark: this is working)
Or in other words: can i get iBATIS to only get part of the regex passed
and add it to the rest of an existing expression or would I need to
build the complete expression in Java and pass it as a regular
(string-)parameter to iBATIS-Layer?
Thanks, cheers
Heinrich