[jboss-jira] [JBoss JIRA] (HIBERNATE-145) Issue in HQL to SQL Conversion for Order By Clause
Hitesh Saliya (JIRA)
issues at jboss.org
Thu Sep 18 09:13:02 EDT 2014
[ https://issues.jboss.org/browse/HIBERNATE-145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hitesh Saliya updated HIBERNATE-145:
------------------------------------
Description:
Created HQL query with string: " select * from tableName where id=1 order by id desc 'any content' ".
It's executing with no error.
Generated SQL: " select * from tableName where id=1 order by id desc "
Here, for HQL with an order by clause, anything written after order by inside '...' is removed.
Is this behavior for the SQL injection threat, or is it a bug in the translation engine?
> Issue in HQL to SQL Conversion for Order By Clause
> --------------------------------------------------
>
> Key: HIBERNATE-145
> URL: https://issues.jboss.org/browse/HIBERNATE-145
> Project: Hibernate Integration
> Issue Type: Bug
> Reporter: Hitesh Saliya
> Assignee: Steve Ebersole
> Priority: Minor
>
> Created HQL query with string: " select * from tableName where id=1 order by id desc 'any content' ".
> It's executing with no error.
> Generated SQL: " select * from tableName where id=1 order by id desc "
> Here, for HQL with an order by clause, anything written after order by inside '...' is removed.
> Is this behavior for the SQL injection threat, or is it a bug in the translation engine?
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)