
All times are UTC - 5 hours [ DST ]



 Post subject: SELECT with hibernate problem - newbie
PostPosted: Sun Oct 22, 2006 7:22 am 
Newbie

Joined: Sun Oct 22, 2006 7:11 am
Posts: 7
Hi,

I can't select using hibernate (insert works fine). This is my code:

User userAuth = null;
Transaction tx = null;
Session session = InitSessionFactory.getInstance().getCurrentSession();
try
{
    tx = session.beginTransaction();
    List users = session.createQuery("from db_user where name='"+request.getParameter("username")+"' AND password='"+request.getParameter("password")+"'").list();
    userAuth = (User)users.get(0);
    tx.commit();
}
catch (HibernateException e)
{
    if (tx != null && tx.isActive())
        tx.rollback();
}

This is the User XML file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd" >
<hibernate-mapping>
    <class name="se.tesella.persistent.User" table="DB_USER">
        <id name="ID" column="ID" type="java.lang.Integer">
            <generator class="increment"/>
        </id>
        <property name="name" column="NAME" type="java.lang.String" />
        <property name="password" column="PASSWORD" type="java.lang.String" />
        <property name="searchString" column="SEARCHSTRING" type="java.lang.String" />
    </class>
</hibernate-mapping>

The object userAuth is always null. (I've managed to insert some users though.)

Kind regards


 Post subject:
PostPosted: Sun Oct 22, 2006 8:08 am 
Regular

Joined: Wed Jul 27, 2005 2:33 am
Posts: 118
Quote:
List users = session.createQuery("from db_user where name='"+request.getParameter("username")+"' AND password='"+request.getParameter("password")+"'").list();


Your query looks wrong. It should be:

Code:
List users = session.createQuery("from User u where u.name='"+request.getParameter("username")+"' AND u.password='"+request.getParameter("password")+"'").list();


 Post subject:
PostPosted: Sun Oct 22, 2006 9:33 am 
Hibernate Team

Joined: Mon Aug 25, 2003 9:11 pm
Posts: 4592
Location: Switzerland
You just advised someone to create a SQL injection security hole in their application.


 Post subject:
PostPosted: Sun Oct 22, 2006 10:17 am 
Regular
Regular

Joined: Wed Jul 27, 2005 2:33 am
Posts: 118
Quote:
You just advised someone to create a SQL injection security hole in their application


Sorry, didn't get you
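
Added example (not part of the original thread, and not code from the posters or the Hibernate project): the lookup from the posts above written with bound named parameters, so request input is passed as data and never parsed as HQL. It assumes Hibernate on the classpath and the User mapping from the first post; UserLookup, findUser and concatenatedHql are hypothetical names, and the sample input is constructed.

```java
import java.util.List;
import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.Transaction;
import se.tesella.persistent.User; // entity class from the mapping file in the first post

public class UserLookup { // hypothetical class name

    // The HQL text is a constant; user input never becomes part of the query grammar.
    private static final String FIND_USER =
        "from User u where u.name = :name and u.password = :password";

    /** Returns the matching User, or null if no row matches. */
    public static User findUser(Session session, String username, String password) {
        Transaction tx = null;
        try {
            tx = session.beginTransaction();
            List users = session.createQuery(FIND_USER)
                .setParameter("name", username)      // bound as a value, not parsed as HQL
                .setParameter("password", password)
                .list();
            tx.commit();
            // An empty list means "no such user"; calling get(0) on it would throw.
            return users.isEmpty() ? null : (User) users.get(0);
        } catch (HibernateException e) {
            if (tx != null && tx.isActive()) {
                tx.rollback();
            }
            throw e; // surface the failure instead of silently leaving the result null
        }
    }

    // The concatenated form from the thread, kept only to show what the HQL parser receives.
    static String concatenatedHql(String username, String password) {
        return "from User u where u.name='" + username + "' AND u.password='" + password + "'";
    }

    public static void main(String[] args) {
        // Constructed input: an ordinary name that happens to contain a quote.
        String name = "o'brien";
        // The quote closes the string literal early, so the rest of the input
        // is parsed as query syntax instead of being compared as a value.
        System.out.println(concatenatedHql(name, "secret"));
        // With binding, the query text is identical for every input.
        System.out.println(FIND_USER);
    }
}
```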

