Re: svn commit: r707216 - in /ofbiz/trunk/framework/entity: dtd/entitymodel.xsd src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java src/org/ofbiz/entity/model/DynamicViewEntity.java src/org/ofbiz/entity/model/ModelViewEntity.java

> Modified: ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java?rev=707216&r1=707215&r2=707216&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java (original)
> +++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java Wed Oct 22 15:22:00 2008
> +    public static void makeViewFilterWhereClause(ModelViewEntity modelViewEntity, StringBuilder whereString) throws GenericEntityException {
> +
> +        for (ModelViewEntity.ModelFilter filter : modelViewEntity.getFilters()) {            
> +            ModelEntity filterEntity = modelViewEntity.getMemberModelEntity(filter.getEntityAlias());
> +            if (filterEntity == null) {
> +                throw new GenericEntityException("Link entity not found with alias: " + filter.getEntityAlias() + " for entity: " + modelViewEntity.getEntityName());
> +            }
> +            
> +            ModelField filterField = filterEntity.getField(filter.getFieldName());
> +            if (filterField == null) {
> +                throw new GenericEntityException("The field " + filter.getFieldName() + " does not appear to belong to entity " + modelViewEntity.getEntityName());                
> +            }
> +            if (whereString.length() > 0) {
> +                whereString.append(" AND ");
> +            }
> +            whereString.append(filter.getEntityAlias());
> +            whereString.append(".");
> +            whereString.append(filterColName(filterField.getColName()));
> +            
> +            EntityOperator<?> entityOperator = EntityOperator.lookup(filter.getOperator());
> +            if (entityOperator == null) {
> +             throw new GenericEntityException("Operator " + filter.getOperator() + " not supported in filter for entity: " + modelViewEntity.getEntityName());

> One substantial comment below, bad code.
>
> Nice feature otherwise, but it doesn't support conditions, only constant
> values.
>
> This really should be done using the EntityCondition framework, so that
> the sql generating code can be reused and not duplicated.
>
> [hidden email] wrote:
>> Modified: ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java?rev=707216&r1=707215&r2=707216&view=diff
>> ==============================================================================
>> --- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java (original)
>> +++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java Wed Oct 22 15:22:00 2008
>> +    public static void makeViewFilterWhereClause(ModelViewEntity modelViewEntity, StringBuilder whereString) throws
>> GenericEntityException {
>> +
>> +        for (ModelViewEntity.ModelFilter filter : modelViewEntity.getFilters()) {
>> +            ModelEntity filterEntity = modelViewEntity.getMemberModelEntity(filter.getEntityAlias());
>> +            if (filterEntity == null) {
>> +                throw new GenericEntityException("Link entity not found with alias: " + filter.getEntityAlias() + " for entity:
>> " + modelViewEntity.getEntityName());
>> +            }
>> +
>> +            ModelField filterField = filterEntity.getField(filter.getFieldName());
>> +            if (filterField == null) {
>> +                throw new GenericEntityException("The field " + filter.getFieldName() + " does not appear to belong to entity "
>> + modelViewEntity.getEntityName());
>> +            }
>> +            if (whereString.length() > 0) {
>> +                whereString.append(" AND ");
>> +            }
>> +            whereString.append(filter.getEntityAlias());
>> +            whereString.append(".");
>> +            whereString.append(filterColName(filterField.getColName()));
>> +
>> +            EntityOperator<?> entityOperator = EntityOperator.lookup(filter.getOperator());
>> +            if (entityOperator == null) {
>> +            throw new GenericEntityException("Operator " + filter.getOperator() + " not supported in filter for entity: " +
>> modelViewEntity.getEntityName());
>
> Tabbing is wrong on this line.
>
>> +            }
>> +            whereString.append(" ").append(entityOperator.getCode()).append(" ");
>> +
>> +            whereString.append("'" + filter.getValue().replaceAll("'", "''") + "'");
>> +        }
>>      }
>>
>
> ICK!  Danger Will Robinson, Danger!
>
> Do NOT use string concatenation.  Use prepared statements.  Plus, the
> quoting used is not portable.
>

> Hi Adam,
>
> I was not aware of all the context. From this thread http://lists.ofbiz.org/pipermail/dev/2004-March/004381.html 
>  I see now what you
> mean.
> I agree that Oscar's solution is missing operators (your solution  
> with EntityCondition allows operators) and that I should have used
> prepared statements for.
> Should I revert right now before people notice and begin to use it ?  
> Or could we extend this syntax with your solution  ?
>
> Jacques
>
> From: "Adam Heath" <[hidden email]>
>> One substantial comment below, bad code.
>>
>> Nice feature otherwise, but it doesn't support conditions, only  
>> constant
>> values.
>>
>> This really should be done using the EntityCondition framework, so  
>> that
>> the sql generating code can be reused and not duplicated.
>>
>> [hidden email] wrote:
>>> Modified: ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/
>>> SqlJdbcUtil.java
>>> URL:
>>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java?rev=707216&r1=707215&r2=707216&view=diff
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> ====================================================================
>>> --- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/
>>> SqlJdbcUtil.java (original)
>>> +++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/
>>> SqlJdbcUtil.java Wed Oct 22 15:22:00 2008
>>> +    public static void makeViewFilterWhereClause(ModelViewEntity  
>>> modelViewEntity, StringBuilder whereString) throws
>>> GenericEntityException {
>>> +
>>> +        for (ModelViewEntity.ModelFilter filter :  
>>> modelViewEntity.getFilters()) {
>>> +            ModelEntity filterEntity =  
>>> modelViewEntity.getMemberModelEntity(filter.getEntityAlias());
>>> +            if (filterEntity == null) {
>>> +                throw new GenericEntityException("Link entity not  
>>> found with alias: " + filter.getEntityAlias() + " for entity:
>>> " + modelViewEntity.getEntityName());
>>> +            }
>>> +
>>> +            ModelField filterField =  
>>> filterEntity.getField(filter.getFieldName());
>>> +            if (filterField == null) {
>>> +                throw new GenericEntityException("The field " +  
>>> filter.getFieldName() + " does not appear to belong to entity "
>>> + modelViewEntity.getEntityName());
>>> +            }
>>> +            if (whereString.length() > 0) {
>>> +                whereString.append(" AND ");
>>> +            }
>>> +            whereString.append(filter.getEntityAlias());
>>> +            whereString.append(".");
>>> +            
>>> whereString.append(filterColName(filterField.getColName()));
>>> +
>>> +            EntityOperator<?> entityOperator =  
>>> EntityOperator.lookup(filter.getOperator());
>>> +            if (entityOperator == null) {
>>> +            throw new GenericEntityException("Operator " +  
>>> filter.getOperator() + " not supported in filter for entity: " +
>>> modelViewEntity.getEntityName());
>>
>> Tabbing is wrong on this line.
>>
>>> +            }
>>> +            whereString.append("  
>>> ").append(entityOperator.getCode()).append(" ");
>>> +
>>> +            whereString.append("'" +  
>>> filter.getValue().replaceAll("'", "''") + "'");
>>> +        }
>>>     }
>>>
>>
>> ICK!  Danger Will Robinson, Danger!
>>
>> Do NOT use string concatenation.  Use prepared statements.  Plus, the
>> quoting used is not portable.
>>
>

>
> Jacques,
>
> It might be good to revert temporarily until the solution is refined,  especially the design aspects of it.
>
> -David
>
>
> On Oct 24, 2008, at 7:48 AM, Jacques Le Roux wrote:
>
>> Hi Adam,
>>
>> I was not aware of all the context. From this thread http://lists.ofbiz.org/pipermail/dev/2004-March/004381.html I see now what
>> you
>> mean.
>> I agree that Oscar's solution is missing operators (your solution  with EntityCondition allows operators) and that I should have
>> used
>> prepared statements for.
>> Should I revert right now before people notice and begin to use it ?  Or could we extend this syntax with your solution  ?
>>
>> Jacques
>>
>> From: "Adam Heath" <[hidden email]>
>>> One substantial comment below, bad code.
>>>
>>> Nice feature otherwise, but it doesn't support conditions, only  constant
>>> values.
>>>
>>> This really should be done using the EntityCondition framework, so  that
>>> the sql generating code can be reused and not duplicated.
>>>
>>> [hidden email] wrote:
>>>> Modified: ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/ SqlJdbcUtil.java
>>>> URL:
>>>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/SqlJdbcUtil.java?rev=707216&r1=707215&r2=707216&view=diff
>>>> = = = = = = = = = = ====================================================================
>>>> --- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/ SqlJdbcUtil.java (original)
>>>> +++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/jdbc/ SqlJdbcUtil.java Wed Oct 22 15:22:00 2008
>>>> +    public static void makeViewFilterWhereClause(ModelViewEntity  modelViewEntity, StringBuilder whereString) throws
>>>> GenericEntityException {
>>>> +
>>>> +        for (ModelViewEntity.ModelFilter filter :  modelViewEntity.getFilters()) {
>>>> +            ModelEntity filterEntity =  modelViewEntity.getMemberModelEntity(filter.getEntityAlias());
>>>> +            if (filterEntity == null) {
>>>> +                throw new GenericEntityException("Link entity not  found with alias: " + filter.getEntityAlias() + " for
>>>> entity:
>>>> " + modelViewEntity.getEntityName());
>>>> +            }
>>>> +
>>>> +            ModelField filterField =  filterEntity.getField(filter.getFieldName());
>>>> +            if (filterField == null) {
>>>> +                throw new GenericEntityException("The field " +  filter.getFieldName() + " does not appear to belong to entity
>>>> "
>>>> + modelViewEntity.getEntityName());
>>>> +            }
>>>> +            if (whereString.length() > 0) {
>>>> +                whereString.append(" AND ");
>>>> +            }
>>>> +            whereString.append(filter.getEntityAlias());
>>>> +            whereString.append(".");
>>>> +             whereString.append(filterColName(filterField.getColName()));
>>>> +
>>>> +            EntityOperator<?> entityOperator =  EntityOperator.lookup(filter.getOperator());
>>>> +            if (entityOperator == null) {
>>>> +            throw new GenericEntityException("Operator " +  filter.getOperator() + " not supported in filter for entity: " +
>>>> modelViewEntity.getEntityName());
>>>
>>> Tabbing is wrong on this line.
>>>
>>>> +            }
>>>> +            whereString.append("  ").append(entityOperator.getCode()).append(" ");
>>>> +
>>>> +            whereString.append("'" +  filter.getValue().replaceAll("'", "''") + "'");
>>>> +        }
>>>>     }
>>>>
>>>
>>> ICK!  Danger Will Robinson, Danger!
>>>
>>> Do NOT use string concatenation.  Use prepared statements.  Plus, the
>>> quoting used is not portable.
>>>
>>
>