You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@cayenne.apache.org by Simran Narula <sn...@avoka.com> on 2012/05/07 05:45:48 UTC

How to turn on escaping for named queries

Hi,

I have a bunch of named queries in my application.map.xml...

And cayenne does not seems to be escaping the parameter values when these queries are executed

Is there a way I can SWITCH ON escaping for these named queries in cayenne or is there no way and I will have to manually escape the parameter values passed to these queries ??

Thanks

RE: How to turn on escaping for named queries

Posted by "Durchholz, Joachim" <Jo...@hennig-fahrzeugteile.de>.
If that's your query, you don't want to use escaping, you want to set this up as a prepared statement.

I'm not using Cayenne actively (still Hibernate here, don't know when or if I can switch), so I can only guess, but it would probably be something like
  Select something from table where value = :xxx
in the named query and
  namedQuery.bind('xxx', valueFromParameterInJava)
for the Java side.

Actually, the only use case where prepared statements aren't a vastly superior alternative is if you need to substitute a table or field name into your SQL. But that's not very useful unless you're doing something like phpMyAdmin. Or if you implement something like a query rewriting layer.

-----Original Message-----
From: Simran Narula [mailto:snarula@avoka.com] 
Sent: Tuesday, May 15, 2012 1:54 AM
To: user@cayenne.apache.org
Subject: RE: How to turn on escaping for named queries

Thanks for the rely Andrus,

These are bunch of select queries like following:

<query name="getSomething" factory="org.apache.cayenne.map.SQLTemplateBuilder" root="data-map" root-name="MyApplicationMap"> <property name="cayenne.GenericSelectQuery.fetchingDataRows" value="true"/>
		<sql><![CDATA[
	Select something from table where value = '${valueFromParameterInJava}'
		]]></sql>
</query>

Following Is what I am doing in Java..

// create new map parameters... and insert key value pairs... 
NamedQuery query = new NamedQuery("getSomething", parameters); List resultMaps = getDataContext().performQuery(query);
List<MyEntity> results = new ArrayList<OrderBean>();

..

I am looking to escape single quotes only ( ' ) 

Thanks


-----Original Message-----
From: Andrus Adamchik [mailto:andrus@objectstyle.org]
Sent: Monday, 14 May 2012 6:00 PM
To: user@cayenne.apache.org
Subject: Re: How to turn on escaping for named queries

Hi,

You do not indicate what type of queries you have (SelectQuery, SQLTemplate, etc?) Also could you give an example of what characters you'd like to escape? There is a good chance the answer will be to escape it manually, but I was wondering about the use case.

Andrus


On May 7, 2012, at 6:45 AM, Simran Narula wrote:
> Hi,
> 
> I have a bunch of named queries in my application.map.xml...
> 
> And cayenne does not seems to be escaping the parameter values when 
> these queries are executed
> 
> Is there a way I can SWITCH ON escaping for these named queries in cayenne or is there no way and I will have to manually escape the parameter values passed to these queries ??
> 
> Thanks

RE: How to turn on escaping for named queries

Posted by Simran Narula <sn...@avoka.com>.
Thanks for the rely Andrus,

These are bunch of select queries like following:

<query name="getSomething" factory="org.apache.cayenne.map.SQLTemplateBuilder" root="data-map" root-name="MyApplicationMap">
<property name="cayenne.GenericSelectQuery.fetchingDataRows" value="true"/>
		<sql><![CDATA[
	Select something from table where value = '${valueFromParameterInJava}'
		]]></sql>
</query>

Following Is what I am doing in Java..

// create new map parameters... and insert key value pairs... 
NamedQuery query = new NamedQuery("getSomething", parameters);
List resultMaps = getDataContext().performQuery(query);
List<MyEntity> results = new ArrayList<OrderBean>();

..

I am looking to escape single quotes only ( ' ) 

Thanks


-----Original Message-----
From: Andrus Adamchik [mailto:andrus@objectstyle.org] 
Sent: Monday, 14 May 2012 6:00 PM
To: user@cayenne.apache.org
Subject: Re: How to turn on escaping for named queries

Hi,

You do not indicate what type of queries you have (SelectQuery, SQLTemplate, etc?) Also could you give an example of what characters you'd like to escape? There is a good chance the answer will be to escape it manually, but I was wondering about the use case.

Andrus


On May 7, 2012, at 6:45 AM, Simran Narula wrote:
> Hi,
> 
> I have a bunch of named queries in my application.map.xml...
> 
> And cayenne does not seems to be escaping the parameter values when these queries are executed
> 
> Is there a way I can SWITCH ON escaping for these named queries in cayenne or is there no way and I will have to manually escape the parameter values passed to these queries ??
> 
> Thanks

Re: How to turn on escaping for named queries

Posted by Andrus Adamchik <an...@objectstyle.org>.
Hi,

You do not indicate what type of queries you have (SelectQuery, SQLTemplate, etc?) Also could you give an example of what characters you'd like to escape? There is a good chance the answer will be to escape it manually, but I was wondering about the use case.

Andrus


On May 7, 2012, at 6:45 AM, Simran Narula wrote:
> Hi,
> 
> I have a bunch of named queries in my application.map.xml...
> 
> And cayenne does not seems to be escaping the parameter values when these queries are executed
> 
> Is there a way I can SWITCH ON escaping for these named queries in cayenne or is there no way and I will have to manually escape the parameter values passed to these queries ??
> 
> Thanks