Closed jclausen closed 5 years ago
Noted
sqlRestriction() deprecated in favor of the shorthand notation: sql()
sql() restriction now supports binding positional parameters. You can pass them in an array and we will infer the types: sql( "id = ? and isActive = ?", [ "123", true ] ). Or you can pass in a struct of {value:"", type:""} instead:
restrictions.sql( "userName = ? and firstName like ?", [
    { value : "joe", type : "string" },
    { value : "%joe%", type : "string" }
] );
The available types are the following, which match the Hibernate Types:
this.TYPES = {
"string" : "StringType",
"clob" : "ClobType",
"text" : "TextType",
"char" : "CharacterType",
"boolean" : "BooleanType",
"yesno" : "YesNoType",
"truefalse" : "TrueFalseType",
"byte" : "ByteType",
"short" : "ShortType",
"integer" : "IntegerType",
"long" : "LongType",
"float" : "FloatType",
"double" : "DoubleType",
"bigInteger" : "BigIntegerType",
"bigDecimal" : "BigDecimalType",
"timestamp" : "TimestampType",
"time" : "TimeType",
"date" : "DateType",
"calendar" : "CalendarType",
"currency" : "CurrencyType",
"locale" : "LocaleType",
"timezone" : "TimeZoneType",
"url" : "UrlType",
"class" : "ClassType",
"blob" : "BlobType",
"binary" : "BinaryType",
"uuid" : "UUIDCharType",
"serializable" : "SerializableType"
};
The Java method accepts params and typing of params ( https://github.com/hibernate/hibernate-orm/blob/master/hibernate-core/src/main/java/org/hibernate/criterion/Restrictions.java#L463 ), while the CBORM implementation accepts only the first argument of an SQL string.
Implement the ability for the method to accept an array of params as the second argument and either auto-type or allow a third argument of types.
This will allow search building which might require native DBMS functionality to stay SQL injection-safe.
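The search-building case described above, as an added example that is not code from the issue or from the CBORM project: the same native-function search written with string concatenation and then with the positional binding from the release note. `userService` (an entity service that exposes `newCriteria()`), the `term` argument and the column names are assumptions.

```cfml
// Added example (CFScript). Assumed names: userService, term, userName, isActive.

// BEFORE: the search term is concatenated into the SQL fragment, so any quote
// character in `term` becomes part of the statement text sent to the DBMS.
function searchConcatenated( required string term ){
    return userService
        .newCriteria()
        .sql( "lower( userName ) like '%#lCase( arguments.term )#%'" )
        .list();
}

// AFTER: the fragment contains only `?` placeholders. Values travel separately
// as typed parameters, in the same order as the placeholders.
function searchBound( required string term ){
    return userService
        .newCriteria()
        .sql(
            "lower( userName ) like ? and isActive = ?",
            [
                // Explicit struct form: the type key maps to the TYPES table.
                { value : "%#lCase( arguments.term )#%", type : "string" },
                { value : true, type : "boolean" }
            ]
        )
        .list();
}

// Same query using the array form, where the types are inferred.
function searchBoundInferred( required string term ){
    return userService
        .newCriteria()
        .sql(
            "lower( userName ) like ? and isActive = ?",
            [ "%#lCase( arguments.term )#%", true ]
        )
        .list();
}
```

Binding keeps the value out of the SQL text, but `%` and `_` inside a bound value are still treated as LIKE wildcards, so a search term containing them widens the match.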