[jboss-cvs] jboss-seam/doc/reference/en/modules ...
Gavin King
gavin.king at jboss.com
Sun Feb 25 17:14:54 EST 2007
User: gavin
Date: 07/02/25 17:14:54
Modified: doc/reference/en/modules persistence.xml tutorial.xml
Log:
EL in QL
Revision Changes Path
1.8 +32 -0 jboss-seam/doc/reference/en/modules/persistence.xml
(In the diff below, changes in quantity of whitespace are not shown.)
Index: persistence.xml
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/doc/reference/en/modules/persistence.xml,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- persistence.xml 4 Feb 2007 17:42:27 -0000 1.7
+++ persistence.xml 25 Feb 2007 22:14:53 -0000 1.8
@@ -414,6 +414,38 @@
</section>
<section>
+ <title>Using EL in EJB-QL/HQL</title>
+ <para>
+ Seam proxies the <literal>EntityManager</literal> or <literal>Session</literal>
+ object whenever you use a Seam-managed persistence context or inject a container
+ managed persistence context using <literal>@PersistenceContext</literal>. This
+ lets you use EL expressions in your query strings, safely and efficiently. For
+ example, this:
+ </para>
+
+ <programlisting><![CDATA[User user = em.createQuery("from User where username=#{user.username}")
+ .getSingleResult();]]></programlisting>
+
+ <para>is equivalent to:</para>
+
+ <programlisting><![CDATA[User user = em.createQuery("from User where username=:username")
+ .setParameter("username", user.getUsername())
+ .getSingleResult();]]></programlisting>
+
+ <para>
+ Of course, you should never, ever write it like this:
+ </para>
+
+ <programlisting><![CDATA[User user = em.createQuery("from User where username=" + user.getUsername()) //BAD!
+ .getSingleResult();]]></programlisting>
+
+ <para>
+ (It is inefficient and vulnerable to SQL injection attacks.)
+ </para>
+
+ </section>
+
+ <section>
<title>Using Hibernate filters</title>
<para>
1.79 +10 -2 jboss-seam/doc/reference/en/modules/tutorial.xml
(In the diff below, changes in quantity of whitespace are not shown.)
Index: tutorial.xml
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/doc/reference/en/modules/tutorial.xml,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -b -r1.78 -r1.79
--- tutorial.xml 24 Feb 2007 18:38:40 -0000 1.78
+++ tutorial.xml 25 Feb 2007 22:14:53 -0000 1.79
@@ -345,6 +345,7 @@
<area id="registration-persistencecontext-annotation" coords="9"/>
<area id="registration-logger-annotation" coords="12"/>
<area id="registration-action-listener" coords="15"/>
+ <area id="registration-query" coords="18"/>
<area id="registration-log" coords="24"/>
<area id="registration-outcome" coords="25"/>
<area id="registration-builtin" coords="29"/>
@@ -365,8 +366,8 @@
public String register()
{
- List existing = em.createQuery("select username from User where username=:username")
- .setParameter("username", user.getUsername())
+ List existing = em.createQuery(
+ "select username from User where username=#{user.username}")
.getResultList();
if (existing.size()==0)
@@ -419,6 +420,13 @@
<literal>register()</literal> method is called, and committed when it completes.
</para>
</callout>
+ <callout arearefs="registration-query">
+ <para>
+ Notice that Seam lets you use a JSF EL expression inside EJB-QL. Under the covers,
+ this results in an ordinary JPA <literal>setParameter()</literal> call on the
+ standard JPA <literal>Query</literal> object. Nice, huh?
+ </para>
+ </callout>
<callout arearefs="registration-log">
<para>
The <literal>Log</literal> API lets us easily display templated log messages.
More information about the jboss-cvs-commits
mailing list