[xwiki-devs] [VOTE] Add new XWiki.searchDocuments() API

Vincent Massol vincent at massol.net
Wed Sep 26 08:46:31 CEST 2007


On Sep 26, 2007, at 8:32 AM, Sergiu Dumitriu wrote:

> +1
>
> How is the list going to be used? Something like:
> " where doc.web = {0} and obj.className = {1}"?

Like any parameterized HQL query with ? or :name:

Actually this signature for search() already exists in the non-api  
XWiki class.

> We need to make sure we don't double escape content, as in several
> places we have manually replaced % and ', so all the documents and
> java code should be checked.

Yep, which is why I have also modified the Utils.SQLFilter() method  
to only escape if it's not been already escaped.

Thanks
-Vincent

> On 9/26/07, Vincent Massol <vincent at massol.net> wrote:
>> Hi,
>>
>> In order to properly fix the issues with escaping of single quote
>> characters, I'd like to propose adding the following methods in
>> *.api.XWiki:
>>
>>      public List searchDocuments(String wheresql, List whereParams)
>> throws XWikiException
>>      public List searchDocuments(String wheresql, int nb, int start,
>> List whereParams) throws XWikiException
>>
>> The idea is to allow parametrized HQL queries in XWiki documents
>> hence removing the issues with SQL escaping (For example this will
>> allow solving http://jira.xwiki.org/jira/browse/XWIKI-1768).
>>
>> Here's my +1
>>
>> Thanks
>> -Vincent
>
> Sergiu
> -- 
> http://purl.org/net/sergiu
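
The double-escaping concern and the parameter-list approach discussed in this thread, as an added example that is not code from the thread or from XWiki. It uses Python's sqlite3 as a stand-in for HQL/Hibernate; the `doc` table, the sample names and all function names are assumptions made for illustration.

```python
import sqlite3

def naive_escape(value):
    # Manual escaping of the kind the thread describes: double each single quote.
    return value.replace("'", "''")

def build_db(names):
    # Constructed in-memory table standing in for the document store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE doc (web TEXT, name TEXT)")
    db.executemany("INSERT INTO doc VALUES (?, ?)", [("Main", n) for n in names])
    return db

def search_concat(db, web, name):
    # Values spliced into the statement text; correctness depends on the
    # caller having escaped exactly once.
    sql = "SELECT name FROM doc WHERE web = '%s' AND name = '%s'" % (web, name)
    return [row[0] for row in db.execute(sql)]

def search_params(db, where, params):
    # Same shape as searchDocuments(wheresql, whereParams): fixed query text
    # plus a separate collection of values bound by the driver.
    return [row[0] for row in db.execute("SELECT name FROM doc WHERE " + where, params)]

def demo():
    db = build_db(["O'Brien", "Smith"])  # constructed sample data
    name = "O'Brien"
    results = {}
    try:
        results["raw"] = search_concat(db, "Main", name)
    except sqlite3.OperationalError:
        results["raw"] = "syntax error"  # the unescaped quote breaks the statement
    results["escaped_once"] = search_concat(db, "Main", naive_escape(name))
    # Escaping applied twice (template and Java layer both escape): no match.
    results["escaped_twice"] = search_concat(db, "Main", naive_escape(naive_escape(name)))
    # Positional (?) and named (:name) binding need no escaping at all.
    results["positional"] = search_params(db, "web = ? AND name = ?", ["Main", name])
    results["named"] = search_params(
        db, "web = :web AND name = :name", {"web": "Main", "name": name})
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```
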