Enhance the dynamic tag so parameters within the dynamic tag are parsed after simple dynamic variables ------------------------------------------------------------------------------------------------------
Key: IBATIS-599 URL: https://issues.apache.org/jira/browse/IBATIS-599 Project: iBatis for Java Issue Type: New Feature Components: SQL Maps Affects Versions: 2.3.0 Reporter: Wessel van Norel Attachments: ibatis.patch We are working on dynamic filters for our queries. To make this a bit safer, preventing SQL injection, we wanted to use the ## construction within the $$ variables. iBatis currently doesn't support this. An example, our iBatis query is: SELECT * FROM persons $FILTERS$ Where our parametermap contains for example: FILTERS = "WHERE lastname = #LASTNAME#" LASTNAME = "Norel" So that the resulting query becomes: SELECT * FROM persons WHERE lastname = ? And iBatis puts the user entered value for lastname in a bind variable. Currently the #LASTNAME# is not transformed into a bind variable. For this we changed a few things in iBatis to make it work. The general idea is to add an extra attribute to the <dynamic> tag, "deferSubstitutions". If you specify it with true, the ## substitutions are done after the $$ substitutions. With this we can make it work with minimal changes to iBatis and keeping the change backwards compatible. Also see my ibatis-user mailing list question about this: http://www.nabble.com/Using--PARAM--constructions-within-%24DYNAMICSQL%24-td23287280.html -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.