persistence@glassfish.java.net

Re: Order By in Query

From: Marina Vatkina <Marina.Vatkina_at_Sun.COM>
Date: Wed, 23 Aug 2006 16:37:26 -0700

It's considered to be a dangerous approach to build dynamic queries as
it can result in an unexpected query string if the value is substituted
by malicious code.

You can solve this problem by predefining those ordered queries as named
queries and dynamically choosing an appropriate one.

regards,
-marina

Trimble Daniel - dtrimb wrote:
> Query query = em.createQuery("SELECT c FROM Contact c order by " +
> orderKey + " " + direction );
>
> I am trying to setup some dynamic ordering in my JPQL query. Is there
> any better way to do it than this? Even using a parameter would be nice,
> but it seems to not like putting a parameter after an order by. It would
> be nice if there was an em.setOrderByKey or something.
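
The named-query approach suggested in the reply, sketched as an added example (not code from the thread or from GlassFish). The `Contact` fields `lastName` and `email`, the query names, and the `ContactFinder` helper are assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;

// Hypothetical entity: field names are assumptions, not taken from the thread.
// Every ORDER BY clause is a compile-time constant; nothing is concatenated.
@Entity
@NamedQueries({
    @NamedQuery(name = "Contact.byLastNameAsc",
                query = "SELECT c FROM Contact c ORDER BY c.lastName ASC"),
    @NamedQuery(name = "Contact.byLastNameDesc",
                query = "SELECT c FROM Contact c ORDER BY c.lastName DESC"),
    @NamedQuery(name = "Contact.byEmailAsc",
                query = "SELECT c FROM Contact c ORDER BY c.email ASC"),
    @NamedQuery(name = "Contact.byEmailDesc",
                query = "SELECT c FROM Contact c ORDER BY c.email DESC")
})
class Contact {
    @Id Long id;
    String lastName;
    String email;
}

class ContactFinder {
    // Allowlist: caller input is only ever used as a lookup key here,
    // so it can select a predefined query but never alter query text.
    private static final Map<String, String> ORDERED_QUERIES = Map.of(
        "lastName:asc",  "Contact.byLastNameAsc",
        "lastName:desc", "Contact.byLastNameDesc",
        "email:asc",     "Contact.byEmailAsc",
        "email:desc",    "Contact.byEmailDesc");

    static String namedQueryFor(String orderKey, String direction) {
        String dir = direction == null ? "asc" : direction.toLowerCase(Locale.ROOT);
        String name = ORDERED_QUERIES.get(orderKey + ":" + dir);
        if (name == null) {
            // Reject anything outside the allowlist instead of falling back.
            throw new IllegalArgumentException("Unsupported sort order");
        }
        return name;
    }

    @SuppressWarnings("unchecked")
    static List<Contact> findOrdered(EntityManager em, String orderKey, String direction) {
        return em.createNamedQuery(namedQueryFor(orderKey, direction)).getResultList();
    }
}
```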