Hi! Thanks both! Caleb James DeLisle wrote: > On 11/05/2010 06:53 PM, [Ricardo Rodriguez] eBioTIC. wrote: > >> Hi! >> >> Chris Wagner wrote: >> >>> Hello, >>> >>> Sorry for the delay in reply. >>> >>> Sergiu, that was the case. Thank you very much. :) >>> >>> Ricardo, the query is to include a list of all child documents in order. I >>> included the curly braces in the query simply because I find it easier to >>> read. >>> >>> >> Thanks, Chris. Far clear the reason to use curly braces, but I am not >> able to understand the query. If I understand well, it lists all >> documents with a given patent. Thus... >> > > The given parent is the parent of the "current document" (the document > including the script.) > If the script is called from Main.ChildDoc and ChildDoc has a parent called > ParentDoc then > Velocity sees ${doc.parent} and replaces with Main.ParentDoc before the query > ever reaches the database. > > The doc.id was a mistake and the line should read > #set($results=$xwiki.searchDocuments("where doc.hidden = false and > doc.fullName='${doc.parent}' > order by doc.title asc"))ç > The other way round :-) doc.parent='${doc.fullName}'
I understand the simple logic of the query and got it working. Here a simple snippet using 2.0 syntax for simpler reference: {{velocity}} **These are the children of the current page** #set($results=$xwiki.searchDocuments("where doc.hidden = false and doc.parent=? order by doc.title asc", [$doc.fullName])) #foreach($item in $results) #set ($itemdoc = $xwiki.getDocument($item)) [[$itemdoc>>$itemdoc]] #end {{/velocity}} > But we should all get in the habit of avoiding the dynamic building of > queries because it can be a > security issue. Think if doc.parent = "'; drop table xwikidoc;" Hibernate > won't allow that but there > are sometimes ways to fool even Hibernate. > > Best practice for query security is to use: > #set($results=$xwiki.searchDocuments("where doc.hidden = false and > doc.fullName=? order by doc.title > asc", [$doc.parent])) > > > Caleb > I'm still struggling to understand the SQL injection attack as explained here... http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Security#HMitigationMethods-1 I'll create a simple new snippet entry once I understand it! Thanks! >> {{velocity}} >> #set($results=$xwiki.searchDocuments("where doc.hidden = false and >> doc.id='${doc.parent}' order by doc.title asc")) >> #foreach($item in $results) >> #set ($itemdoc = $xwiki.getDocument($item)) >> [$item>$item], >> #end >> {{/velocity}} >> >> must list all documents having ${doc.parent} as parent. So, included in >> a page ICT.WebHome, must list all child documents having ICT.WebHome as >> parent, mustn't it? >> >> Well, I get nothing by including this snippet in such ICT.WebHome page. >> And there are 50 documents that have this age as parent page! >> >> Please, where am I wrong? >> >> One more things. Please, how is it possible to compare doc.id and >> $doc.parent? As far as I understand, doc.id maps to XWD_ID in xwikidoc >> table (it is a bigint(20) field). And $doc.parent invokes getParent() >> and gets a string in the form Space.Document. Thus, how is it possible >> to compare both values? >> >> Thanks for your help! >> >>> Thank you, >>> Chris >>> >>> On Thu, Nov 4, 2010 at 3:36 AM, [Ricardo Rodriguez] eBioTIC. [via XWiki] < >>> ml-node+5704373-1764624309-299...@n2.nabble.com<ml-node%2b5704373-1764624309-299...@n2.nabble.com> >>> >>> >>>> wrote: >>>> >>>> >>> >>> >>>> Sergiu Dumitriu wrote: >>>> >>>> >>>> >>>>> On 11/03/2010 07:47 PM, Chris Wagner wrote: >>>>> >>>>> >>>>> >>>>>> Hello, >>>>>> >>>>>> I am having some issues with the "order by" clause in HQL - the >>>>>> >>>>>> >>>> following >>>> >>>> >>>>>> query: >>>>>> >>>>>> $xwiki.searchDocuments("where doc.hidden = false and >>>>>> doc.id='${doc.parent}' >>>>>> >>>>>> order by doc.title asc") >>>>>> >>>>>> >>>>>> >>>> Please, Chris, what this query is designed for? And why do you use curly >>>> braces to wrap doc.parent? >>>> >>>> Thanks! >>>> >>>> >>>> >>>>>> is returning the expected set of documents, but the title order is >>>>>> >>>>>> >>>> erratic. >>>> >>>> >>>>>> The documents are reordered, but it is not alphabetized as anticipated. >>>>>> Instead, there are several alphabetized "spurts" -- for example, I have >>>>>> >>>>>> >>>> 'A', >>>> >>>> >>>>>> 'C', 'P', ... 'A', 'A', 'B', 'C', 'D', 'E', etc. Within one of these >>>>>> >>>>>> >>>> spans, >>>> >>>> >>>>>> no items appear out of order, but the 'span' separation is not expected >>>>>> >>>>>> >>>> or >>>> >>>> >>>>>> desired. Is there a common issue that I could be overlooking? >>>>>> >>>>>> >>>>>> >>>>> There are two types of titles. >>>>> >>>>> Document titles are stored in the database as the doc.title field, and >>>>> they are editable in the editor above the content. >>>>> >>>>> Display titles are computed from the document title, first heading from >>>>> the content, or the document name, depending on which one exists, in >>>>> this order. Unfortunately it is not possible to see the display title in >>>>> queries. >>>>> >>>>> I'm not sure, but I think that your problem is caused by this difference >>>>> between display and document titles. The first set of documents has an >>>>> empty document title, but in the UI you see their computed display >>>>> title. The second set of documents is correctly ordered by their >>>>> persisted document title. >>>>> >>>>> >>>>> >>>>> >>>> -- >>>> Ricardo Rodríguez >>>> CTO >>>> eBioTIC. >>>> Life Sciences, Data Modeling and Information Management Systems >>>> >>>> _______________________________________________ >>>> users mailing list >>>> [hidden email] <http://user/SendEmail.jtp?type=node&node=5704373&i=0> >>>> http://lists.xwiki.org/mailman/listinfo/users >>>> >>>> >>>> ------------------------------ >>>> View message @ >>>> http://xwiki.475771.n2.nabble.com/Unexpected-Order-By-Results-tp5702753p5704373.html >>>> To unsubscribe from Unexpected 'Order By' Results, click >>>> here<http://xwiki.475771.n2.nabble.com/template/TplServlet.jtp?tpl=unsubscribe_by_code&node=5702753&code=ZWVsaG92ZXJjcmFmdEBnbWFpbC5jb218NTcwMjc1M3wtMTMzMDQxMjEwMQ==>. >>>> >>>> >>>> >>>> >>>> >>> >>> > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Ricardo Rodríguez CTO eBioTIC. Life Sciences, Data Modeling and Information Management Systems _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users