Value Expressions in EntityQuery's ejbql

so38 Oct 23, 2008 5:56 PM

In seam 2.0 I was able to put Value Expressions in the EntityQuery's ejbql directly. For example:

ejbql="from User user where user.role = #{testRole}"

When I upgraded to 2.1 this starts failing. It seems by the time the hql query is created #{testRole} in the ejbql is just the toString instead of the actual testRole object. I could move the restriction to the EntityQuery's restrictions and it would work fine. However, as far as I know the restrictions on EntityQuery do not support or clauses. Previously I was putting most of me restrictions in the ejbql because I was using or clauses.

1. Re: Value Expressions in EntityQuery's ejbql

nicolas.bielza Jan 7, 2009 4:03 PM (in response to so38)

We're facing the same problem. It's worth noting that this new behavior makes EntityQuery vulnerable to SQL injection: The Value Expression is not a parameter of the query, it is resolved and inserted in the query.
Actions
2. Re: Value Expressions in EntityQuery's ejbql

nicolas.bielza Jan 8, 2009 5:17 PM (in response to so38)

This problem only appears when defining EntityQueries in components.xml. When we extend EntityQuery in Java code, using EL in EJBQL works as previously.

So the problem seems to be related to the way in which query components are being instantiated from their XML description.
Actions

Go to original post