26 Sep
2007
26 Sep
'07
8:32 a.m.
+1
How is the list going to be used? Something like:
" where doc.web = {0} and obj.className = {1}"?
We need to make sure we don't double escape content, as in several
places we have manually replaced % and ', so all the documents and
java code should be checked.
On 9/26/07, Vincent Massol <vincent(a)massol.net> wrote:
Hi,
In order to properly fix the issues with escaping of single quote
characters, I'd like to propose adding the following methods in
*.api.XWiki:
public List searchDocuments(String wheresql, List whereParams)
throws XWikiException
public List searchDocuments(String wheresql, int nb, int start,
List whereParams) throws XWikiException
The idea is to allow parametrized HQL queries in XWiki documents
hence removing the issues with SQL escaping (For example this will
allow solving http://jira.xwiki.org/jira/browse/XWIKI-1768).
Here's my +1
Thanks
-Vincent
Sergiu
--
http://purl.org/net/sergiu