On Sep 26, 2007, at 8:32 AM, Sergiu Dumitriu wrote:
+1
How is the list going to be used? Something like:
" where doc.web = {0} and obj.className = {1}"?
Like any parametrized HQL query with ? or :name:
Actually this signature for search() already exists in the non-api
XWiki class.
We need to make sure we don't double escape content, as in several
places we have manually replaced % and ', so all the documents and
java code should be checked.
Yep, which is why I have also modified the Utils.SQLFilter() method
to only escape if it's not been already escaped.
Thanks
-Vincent
On 9/26/07, Vincent Massol <vincent(a)massol.net> wrote:
Hi,
In order to properly fix the issues with escaping of single quote
characters, I'd like to propose adding the following methods in
*.api.XWiki:
    public List searchDocuments(String wheresql, List whereParams)
        throws XWikiException
    public List searchDocuments(String wheresql, int nb, int start,
        List whereParams) throws XWikiException
The idea is to allow parametrized HQL queries in XWiki documents
hence removing the issues with SQL escaping (For example this will
allow solving http://jira.xwiki.org/jira/browse/XWIKI-1768).
Here's my +1
Thanks
-Vincent
Sergiu
--
http://purl.org/net/sergiu
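
The difference between escaping values into the where clause and passing them as a parameter list, as an added example that is not part of the thread or of XWiki's code. It uses Python's sqlite3 with `?` placeholders as a stand-in for parametrized HQL; the table, the sample rows and the functions `escape`, `search_concat` and `search_params` are constructed for illustration.

```python
import sqlite3

# Constructed sample rows: (web, name). One name contains a single quote.
DOCS = [("Main", "WebHome"), ("Main", "Vincent's Page"), ("Sandbox", "Notes")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE doc (web TEXT, name TEXT)")
    db.executemany("INSERT INTO doc VALUES (?, ?)", DOCS)
    return db

def escape(value):
    """Manual escaping (hypothetical helper): double every single quote."""
    return value.replace("'", "''")

def search_concat(db, where_sql):
    """Stand-in for a search that takes only the where clause as text."""
    return [row[0] for row in db.execute("SELECT name FROM doc WHERE " + where_sql)]

def search_params(db, where_sql, where_params):
    """Stand-in for a search that takes the where clause plus a parameter list."""
    sql = "SELECT name FROM doc WHERE " + where_sql
    return [row[0] for row in db.execute(sql, where_params)]

def demo():
    db = make_db()
    name = "Vincent's Page"
    result = {}
    # 1. Value pasted in unescaped: the quote ends the literal early.
    try:
        result["raw"] = search_concat(db, f"name = '{name}'")
    except sqlite3.OperationalError:
        result["raw"] = "syntax error"
    # 2. Escaped exactly once: works.
    result["escaped_once"] = search_concat(db, f"name = '{escape(name)}'")
    # 3. Escaped twice (caller and callee both escape): the literal now
    #    reads Vincent''s Page, which matches nothing.
    result["escaped_twice"] = search_concat(db, f"name = '{escape(escape(name))}'")
    # 4. Bound parameters: the value never becomes query text, so there is
    #    nothing to escape and nothing to escape twice.
    result["bound"] = search_params(db, "web = ? AND name = ?", ["Main", name])
    return result

if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```
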