persistence@glassfish.java.net

RE: Order By in Query

From: Trimble Daniel - dtrimb <Daniel.Trimble_at_acxiom.com>
Date: Wed, 23 Aug 2006 21:50:26 -0500

I know that creating them dynamically like that is bad, that's why I was hoping there was a better way.

But from what you were saying, if I have 10 attributes in my class, and I want to be able to order by any of them, ascending or descending, then I will have to define 20 named queries...? That seems like a lot, but it is safe.

-----Original Message-----
From: Marina Vatkina [mailto:Marina.Vatkina_at_Sun.COM]
Sent: Wed 8/23/2006 6:37 PM
To: persistence_at_glassfish.dev.java.net
Cc: Trimble Daniel - dtrimb
Subject: Re: Order By in Query
 
It's considered to be a dangerous approach to build dynamic queries, as
it can result in an unexpected query string if the value is substituted
with malicious code.

You can solve this problem by predefining those ordered queries as named
queries and dynamically choosing an appropriate one.

regards,
-marina

Trimble Daniel - dtrimb wrote:
> Query query = em.createQuery("SELECT c FROM Contact c order by " +
> orderKey + " " + direction );
>
> I am trying to set up some dynamic ordering in my JPQL query. Is there
> any better way to do it than this? Even using a parameter would be nice,
> but it does not seem to like putting a parameter after an order by. It would
> be nice if there was an em.setOrderByKey or something.
>
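An added example (not code from the thread or from the GlassFish persistence project) that shows the three things discussed above against a plain SQL database instead of JPA: what an attacker can do with the concatenated ORDER BY from the original post, why binding the order key as a parameter does not help, and how the "predefine the ordered queries and pick one" approach can be generated from an allowlist rather than hand-written twenty times. It uses Python's sqlite3 module and a constructed `contact`/`secret` schema; the table names, the column names and the `secret` table are assumptions for illustration. In JPA the same lookup table would map each (key, direction) pair to the name passed to `em.createNamedQuery(...)`.

```python
"""Dynamic ORDER BY: injection via concatenation, why a bound parameter does
not order anything, and an allowlist of predefined queries as the safe form."""
import sqlite3
from typing import Dict, List, Tuple

# Constructed sample schema (assumption, not the poster's Contact entity).
# The "secret" table stands in for data the caller must not learn about.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO contact (name, email) VALUES
            ('carol', 'carol@example.test'),
            ('alice', 'alice@example.test'),
            ('bob',   'bob@example.test');
        CREATE TABLE secret (id INTEGER PRIMARY KEY, flag TEXT);
        INSERT INTO secret (flag) VALUES ('do-not-leak');
    """)
    return conn

def names(rows) -> List[str]:
    return [r[1] for r in rows]

# 1. The pattern from the original post: caller-controlled text is pasted
#    straight into the query. Anything that is a valid expression runs.
def list_contacts_concat(conn, order_key: str, direction: str) -> List[str]:
    sql = ("SELECT id, name, email FROM contact ORDER BY "
           + order_key + " " + direction)
    return names(conn.execute(sql).fetchall())

# Attacker payload for (1): a boolean-based ORDER BY injection. The sort key
# depends on a condition over the secret table, so the row order the attacker
# observes leaks one bit per request (here: does any flag start with `guess`?).
def oracle_payload(guess: str) -> str:
    return (f"(CASE WHEN EXISTS (SELECT 1 FROM secret WHERE flag LIKE '{guess}%') "
            "THEN name ELSE id END)")

# 2. "Even using a parameter would be nice": a bound parameter is a constant
#    expression, so every row gets the same sort key and the value is inert.
def list_contacts_bound(conn, order_key: str) -> List[str]:
    sql = "SELECT id, name, email FROM contact ORDER BY ?"
    return names(conn.execute(sql, (order_key,)).fetchall())

# 3. Marina's approach: the ordered queries are fixed strings chosen by key.
#    Generating them from an allowlist keeps "10 attributes x 2 directions"
#    to two small tables instead of 20 hand-written queries.
ORDER_COLUMNS: Dict[str, str] = {"id": "id", "name": "name", "email": "email"}
DIRECTIONS: Dict[str, str] = {"asc": "ASC", "desc": "DESC"}

ORDERED_QUERIES: Dict[Tuple[str, str], str] = {
    (key, d): f"SELECT id, name, email FROM contact ORDER BY {col} {sql_dir}"
    for key, col in ORDER_COLUMNS.items()
    for d, sql_dir in DIRECTIONS.items()
}

def list_contacts_safe(conn, order_key: str, direction: str) -> List[str]:
    # The caller's strings are only ever used as a dictionary lookup; they
    # never reach the SQL text, so a payload can only produce a ValueError.
    try:
        sql = ORDERED_QUERIES[(order_key, direction.lower())]
    except KeyError:
        raise ValueError(f"unsupported ordering: {order_key!r} {direction!r}") from None
    return names(conn.execute(sql).fetchall())

def demo() -> Dict[str, List[str]]:
    conn = make_db()
    return {
        "honest": list_contacts_concat(conn, "name", "ASC"),
        # ORDER BY name when the guess is right, ORDER BY id when it is wrong
        "leak_true": list_contacts_concat(conn, oracle_payload("d"), "ASC"),
        "leak_false": list_contacts_concat(conn, oracle_payload("z"), "ASC"),
        # identical output whatever string is bound: the parameter orders nothing
        "bound_name": list_contacts_bound(conn, "name"),
        "bound_email": list_contacts_bound(conn, "email"),
        "safe_desc": list_contacts_safe(conn, "name", "desc"),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:12} {result}")
    try:
        list_contacts_safe(make_db(), oracle_payload("d"), "ASC")
    except ValueError as exc:
        print("rejected:", exc)
```

The injection shown is the one that matters for ORDER BY specifically: the attacker usually cannot append a second statement (most drivers refuse that), but a CASE expression that switches the sort key on a subquery turns the visible row order into a one-bit oracle over any table the application user can read. A bound parameter is not a fix because ORDER BY wants an expression or a column reference, and a bound value is always a literal. The allowlist form is the same idea as the named-query suggestion, with the list of allowed keys written down once.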