You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ibatis.apache.org by "Brandon Goodin (JIRA)" <ib...@incubator.apache.org> on 2007/02/28 16:11:56 UTC
[jira] Commented: (IBATIS-400) Support for spatial column-types
[ https://issues.apache.org/jira/browse/IBATIS-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12476607 ]
Brandon Goodin commented on IBATIS-400:
---------------------------------------
This should have been asked on the user or dev list before posting it as a bug. Replacing literals will work. But, it potentially opens you up to SQL Injection. It look as though you could also have handled the POINT(...) as a String parameter to the SQL Map as well. The bigger question i have is what type is it returning.
Here is the example of how you could potentially handle this in a more safe manner:
========
Dao
========
class MyGeoDao {
...
public Object doGeoFromTextThinghy(Long valueA, Long valueB) {
String convertedValue("POINT(" + String.valueOf(valueA) + " " + String.valueOf(valueB) + ")");
return getSqlMap().queryForObject("GeoThing.myGeoFromTextThingyMap", convertedValue);
}
...
}
========
Sql Map
========
....
<select parameterClass="string" resultClass="someTypeThatGetsReturned">
GeomFromText(#value#)
</select>
....
> Support for spatial column-types
> --------------------------------
>
> Key: IBATIS-400
> URL: https://issues.apache.org/jira/browse/IBATIS-400
> Project: iBatis for Java
> Issue Type: New Feature
> Components: SQL Maps
> Affects Versions: 2.3.0
> Reporter: Achim Seufert
>
> Hi,
> I'm trying to insert a spacial-value (POINT) using a mapped insert-statement.
> My sql-mapping looks like this:
> <insert id="insertGeoCoordinate" parameterClass="GeoCoordinateBean">
>
> insert into address_geocode
> (
> street,
> housenumber,
> housenumberextension,
> zip,
> city,
> country,
> coordinate,
> source,
> quality,
> metadata
> )
> values
> (
> #street#,
> #housenumber#,
> #housenumberextension#,
> #zip#,
> #city#,
> #country#,
> GeomFromText('POINT(#xcoordinate# #ycoordinate#)'),
> #source#,
> #quality#,
> #metadata#
> )
>
> </insert>
> The "GeoCoordinateBean" contains both the "xcoordinate" and the "ycoordinate" as double (and they're reachable via getters and setters... as usual).
> Since iBatis is creating prepared statements, the above insert fails:
> "Cause: java.sql.SQLException: Parameter index out of bounds. 10 is not between valid values of 1 and 9"
> That's because the number of colums addressed (10) is less than parameters given (11)... I assume. :-)
> The main "problem" should be this line:
> GeomFromText('POINT(#xcoordinate# #ycoordinate#)'),
> The "GeomFromText"-function (provided by MySQL) simply needs the two parameters/values to create a POINT-object prior to the actual insert.
> I already tried to replace these two parameters (xcoordinate and ycoordinate) with ONE single string-parameter (coming from the bean and already having concatenated the two coordinates)... with no success.
> I don't see any way how this problem can be solved using any currently implemented features of iBatis. (I've studied the manual... but found no applicable methods.)
> Maybe a good solution would be if you could turn off prepared statements for certain inserts ... just like this user suggested:
> https://issues.apache.org/jira/browse/IBATIS-240
> Any help/improvement would be much appreciated.
> Thanks,
> Achim
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.