
Use Named Queries with Hibernate

by Serge Truth on August 16, 2011

Applies to

Java web-based applications using Hibernate

Summary

Executing Named Queries using Hibernate.

Objectives

Use Hibernate named queries to perform database operations safely.

Scenarios

Hibernate named queries provide a data access and manipulation mechanism that ties the query text closely to the Java code defining the objects the query runs against. They also remove the query language from Java code; embedding queries in Java code is a common tactic that creates certain maintainability issues. A security-related advantage of named queries is that dynamic data must be bound as parameters, which prevents SQL injection attacks. The code below shows how to define and use named queries in Hibernate.

Solution Example

1a. Define your entity class and use the @NamedQuery annotation (or @NamedQueries wrapping several @NamedQuery entries) to define each named query. The examples below are straightforward.

    // Both the JPA and the org.hibernate.annotations versions of @NamedQuery
    // take the HQL text in the "query" attribute.
    @Entity
    @NamedQuery(
        name="Product.findAllProductsByProductName",
        query="from Product pro WHERE pro.name = :productName"
    )
    public class Product {
        ...
    }

    @Entity
    @NamedQueries({
        @NamedQuery(name="Product.findAllProducts", query="from Product pro"),
        @NamedQuery(name="Product.findAllProductsByProductId", query="from Product pro where pro.id = :productId"),
        @NamedQuery(name="Product.findAllProductsByProductName", query="from Product pro where pro.name = :productName"),
        @NamedQuery(name="Product.findAllProductsByProductPrice", query="from Product pro where pro.price between :minPrice and :maxPrice")
    })
    public class Product {
        ...
    }

1b. An alternative to using the Entity and NamedQuery annotations is to define the named queries in the Hibernate XML mapping files. An example is below.

    <!-- product.hbm.xml -->
    <hibernate-mapping>
        <class name="com.myapp.domain.Product" table="Product">
            <id ...>
            <property ...>
            <property ...>
            <property ...>
            ...
        </class>
        <query name="Product.findAllProductsByProductName">
            <![CDATA[from Product pro where pro.name = :productName]]>
        </query>
        <query name="Product.findAllProductsByProductPrice">
            <![CDATA[from Product pro where pro.price between :minPrice and :maxPrice]]>
        </query>
        ....
    </hibernate-mapping>

2. Use the defined named queries in code. If there is a need for dynamic data, use the parameter binding mechanism included in the query implementation.

--------------------------

Example using dynamic data

--------------------------

    // get Hibernate session
    Session session = ...;

    // get dynamic data
    // request parameters should be validated before use - this is a simple example
    String productName = request.getParameter("product_name");

    // use the session to retrieve the named query
    Query queryProductsByName = session.createNamedQuery("Product.findAllProductsByProductName");

    // bind the dynamic data to the named parameter
    queryProductsByName.setParameter("productName", productName);

    // execute query and get results
    List products = queryProductsByName.list();

--------------------------

Example without using dynamic data

--------------------------

    // get Hibernate session
    Session session = ...;

    // use the session to retrieve the named query
    Query<Product> queryProducts = session.createNamedQuery("Product.findAllProducts", Product.class);

    // execute query and get results
    List<Product> products = queryProducts.list();

The examples above show how to use named queries in Hibernate so that queries are defined close to the data they operate on and are used safely, because dynamic data must be supplied through bound parameters. Other types of queries, such as delete, update, insert, etc., work in an identical manner.
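The bound-parameter point made above, as an added example rather than code from the original article: a hypothetical ProductDao that runs the article's named queries, next to the string-concatenation pattern they replace. It assumes Hibernate 5.2 or later, the Product entity from step 1a, a BigDecimal price property, and a 100-character name limit chosen for illustration.

```java
import java.math.BigDecimal;
import java.util.List;
import org.hibernate.Session;

// Added example (not the article's code); assumes Hibernate 5.2+ and the Product entity above.
public class ProductDao {
    private final Session session;

    public ProductDao(Session session) { this.session = session; }

    // Anti-pattern, for contrast: the input becomes part of the HQL text,
    // so it is parsed as query syntax instead of being treated as data.
    List<Product> findByNameConcatenated(String productName) {
        return session.createQuery(
                "from Product pro where pro.name = '" + productName + "'", Product.class)
            .list();
    }

    // Named query: the HQL text is fixed in the mapping; the value is only ever bound.
    public List<Product> findByName(String productName) {
        if (productName == null || productName.length() > 100) { // hypothetical length limit
            throw new IllegalArgumentException("invalid product name");
        }
        return session.createNamedQuery("Product.findAllProductsByProductName", Product.class)
            .setParameter("productName", productName)
            .list();
    }

    // Range query: parse to a typed value first, then bind (assumes Product.price is a BigDecimal).
    public List<Product> findByPriceRange(String minRaw, String maxRaw) {
        BigDecimal min = parsePrice(minRaw);
        BigDecimal max = parsePrice(maxRaw);
        if (min.compareTo(max) > 0) {
            throw new IllegalArgumentException("minPrice exceeds maxPrice");
        }
        return session.createNamedQuery("Product.findAllProductsByProductPrice", Product.class)
            .setParameter("minPrice", min)
            .setParameter("maxPrice", max)
            .list();
    }

    static BigDecimal parsePrice(String raw) {
        if (raw == null) throw new IllegalArgumentException("missing price");
        try {
            BigDecimal value = new BigDecimal(raw.trim());
            if (value.signum() < 0) throw new IllegalArgumentException("negative price");
            return value;
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("price is not a number", e);
        }
    }
}
```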

See Also

Links to API references and other useful links.

http://www.javalobby.org/java/forums/m91885316.html

http://www.mkyong.com/hibernate/hibernate-named-query-examples/

http://docs.jboss.org/hibernate/core/3.3/reference/en/html/queryhql.html

Topics: developer guidance, application security
