On Fri, 17 Feb 2012 10:14:31 -0200, Lance Java <lance.j...@googlemail.com>
wrote:
>>> I'm talking about this:
>>> "where c1.id in (" + questions + ") "
>>> I'm hoping you realise that questions is just a comma separated string of
>>> question marks eg "?, ?, ?" so it's SQL injection safe.
>> I haven't thought of that, but there's a better way of doing that anyway.
>> If you start building HQL queries by string concatenation, you're either
>> overlooking the Query.setParameterList() method or the very nice and
>> useful Hibernate's query by criteria API (which is very good but many good
>> developers don't even know it exists, and that's a huge shame because of
>> the ugly workarounds to create dynamic queries in HQL).
>> He should use Query.setParameterList() instead.
> Cool, I didn't know about this. I'm assuming hibernate generates the "?,
> ?, ?" under-the-hood to achieve this.
Probably . . .
> I'm thinking that this might be (ever so slightly) slower than using
> setLong() for each as it would either be doing a potentially ambiguous
> setObject() under the hood or would be doing lots
> of instanceof checks to determine the parameter type. It would be nicer if
> hibernate had a method setLongs(String name, long[] values).
The time spent by Hibernate doing that will be completely insignificant
when compared with the time spent doing the search itself. Premature
optimization? :P
--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
and instructor
Owner, Ars Machina Tecnologia da Informação Ltda.
http://www.arsmachina.com.br
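The three ways of binding an IN list discussed in this thread, side by side, as an added example that is not code from the thread or from Hibernate itself. It assumes a Hibernate 3-era Session and a mapped entity named Question with a Long id property; both names are placeholders.

```java
import java.util.Collections;
import java.util.List;
import org.hibernate.Criteria;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;

// Added example (not from the thread). "Question" is a placeholder entity
// with a Long "id" property; the Session is assumed to be open.
public class QuestionLookup {

    // What the original code did, made explicit: concatenate only "?"
    // placeholders (never the id values), then bind each id with setLong().
    public static List<?> byPlaceholders(Session session, long[] ids) {
        StringBuilder marks = new StringBuilder();
        for (int i = 0; i < ids.length; i++) {
            marks.append(i == 0 ? "?" : ", ?");
        }
        Query q = session.createQuery(
            "from Question c1 where c1.id in (" + marks + ")");
        for (int i = 0; i < ids.length; i++) {
            q.setLong(i, ids[i]); // legacy positional parameters are 0-based
        }
        return q.list();
    }

    // Recommended in the thread: one named collection parameter. Hibernate
    // expands it to the right number of placeholders and binds every value.
    public static List<?> bySetParameterList(Session session, List<Long> ids) {
        if (ids.isEmpty()) {
            // An empty collection expands to "in ()", which databases reject.
            return Collections.emptyList();
        }
        Query q = session.createQuery(
            "from Question c1 where c1.id in (:ids)");
        q.setParameterList("ids", ids);
        return q.list();
    }

    // Criteria API alternative: the IN restriction is an object, so a
    // dynamic query needs no HQL text at all.
    public static List<?> byCriteria(Session session, List<Long> ids) {
        if (ids.isEmpty()) {
            return Collections.emptyList();
        }
        Criteria c = session.createCriteria(Question.class);
        c.add(Restrictions.in("id", ids));
        return c.list();
    }
}
```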