One substantial comment below, bad code. Nice feature otherwise, but it doesn't support conditions, only constant values.
This really should be done using the EntityCondition framework, so that the sql generating code can be reused and not duplicated. [EMAIL PROTECTED] wrote: > Modified: > ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java > URL: > http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java?rev=707216&r1=707215&r2=707216&view=diff > ============================================================================== > --- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java > (original) > +++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java > Wed Oct 22 15:22:00 2008 > + public static void makeViewFilterWhereClause(ModelViewEntity > modelViewEntity, StringBuilder whereString) throws GenericEntityException { > + > + for (ModelViewEntity.ModelFilter filter : > modelViewEntity.getFilters()) { > + ModelEntity filterEntity = > modelViewEntity.getMemberModelEntity(filter.getEntityAlias()); > + if (filterEntity == null) { > + throw new GenericEntityException("Link entity not found with > alias: " + filter.getEntityAlias() + " for entity: " + > modelViewEntity.getEntityName()); > + } > + > + ModelField filterField = > filterEntity.getField(filter.getFieldName()); > + if (filterField == null) { > + throw new GenericEntityException("The field " + > filter.getFieldName() + " does not appear to belong to entity " + > modelViewEntity.getEntityName()); > + } > + if (whereString.length() > 0) { > + whereString.append(" AND "); > + } > + whereString.append(filter.getEntityAlias()); > + whereString.append("."); > + whereString.append(filterColName(filterField.getColName())); > + > + EntityOperator<?> entityOperator = > EntityOperator.lookup(filter.getOperator()); > + if (entityOperator == null) { > + throw new GenericEntityException("Operator " + > filter.getOperator() + " not supported in filter for entity: " + > modelViewEntity.getEntityName()); Tabbing is wrong on this line. > + } > + whereString.append(" > ").append(entityOperator.getCode()).append(" "); > + > + whereString.append("'" + filter.getValue().replaceAll("'", "''") > + "'"); > + } > } > ICK! Danger Will Robinson, Danger! Do NOT use string concatenation. Use prepared statements. Plus, the quoting used is not portable.
