Enhance the dynamic tag so parameters within the dynamic tag are parsed after
simple dynamic variables
------------------------------------------------------------------------------------------------------
Key: IBATIS-599
URL: https://issues.apache.org/jira/browse/IBATIS-599
Project: iBatis for Java
Issue Type: New Feature
Components: SQL Maps
Affects Versions: 2.3.0
Reporter: Wessel van Norel
Attachments: ibatis.patch
We are working on dynamic filters for our queries. To make this a bit safer,
preventing SQL injection, we wanted to use the ## construction within the $$
variables. iBatis currently doesn't support this.
An example, our iBatis query is:
SELECT * FROM persons $FILTERS$
Where our parametermap contains for example:
FILTERS = "WHERE lastname = #LASTNAME#"
LASTNAME = "Norel"
So that the resulting query becomes:
SELECT * FROM persons WHERE lastname = ?
And iBatis puts the user entered value for lastname in a bind variable.
Currently the #LASTNAME# is not transformed into a bind variable. For this we
changed a few things in iBatis to make it work.
The general idea is to add an extra attribute to the <dynamic> tag,
"deferSubstitutions".
If you specify it with true, the ## substitutions are done after the $$
substitutions. With this we can make it work with minimal changes to iBatis and
keeping the change backwards compatible.
Also see my ibatis-user mailing list question about this:
http://www.nabble.com/Using--PARAM--constructions-within-%24DYNAMICSQL%24-td23287280.html
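The substitution order described in this issue, as an added example: a small Python model, not code from iBatis or from the attached patch. The names resolve() and query_persons() and the sample table are constructed for illustration, and the "current" branch assumes an unresolved #NAME# simply stays in the SQL text. It also assumes the $FILTERS$ fragment is built by the application, because that text is still spliced into the SQL as-is; only the #LASTNAME# value is bound.

```python
import re
import sqlite3

DOLLAR = re.compile(r"\$(\w+)\$")  # $NAME$: raw text spliced into the SQL
HASH = re.compile(r"#(\w+)#")      # #NAME#: becomes a ? bind placeholder


def resolve(statement, params, defer_substitutions):
    """Return (sql, bind_values) for a statement template.

    defer_substitutions=False models the behaviour the issue reports:
    #NAME# is resolved before $NAME$ text is spliced in, so a #NAME#
    that arrives inside a $NAME$ value is never turned into a bind.
    defer_substitutions=True models the proposed order: splice first,
    then turn every #NAME# into a bind placeholder.
    """
    binds = []

    def bind(match):
        binds.append(params[match.group(1)])
        return "?"

    def splice(match):
        return str(params[match.group(1)])

    if defer_substitutions:
        sql = HASH.sub(bind, DOLLAR.sub(splice, statement))
    else:
        sql = DOLLAR.sub(splice, HASH.sub(bind, statement))
    return sql, binds


def query_persons(lastname):
    """Run the issue's example query against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE persons (lastname TEXT)")
    db.executemany("INSERT INTO persons VALUES (?)", [("Norel",), ("Smith",)])
    # FILTERS is application-built text; LASTNAME is the user-entered value.
    params = {"FILTERS": "WHERE lastname = #LASTNAME#", "LASTNAME": lastname}
    sql, binds = resolve("SELECT * FROM persons $FILTERS$", params, True)
    return sql, db.execute(sql, binds).fetchall()
```

Because the user-entered value only ever travels in the bind list, quote characters in it are compared as data and never reach the SQL text.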