XsqlBuilder用于可以动态构造sql语句,避免在构造sql时使用过多的 if 判断,与SafeSqlProcesser集成提供防止sql注入攻击,与DataModifier集成完成数据类型的转换
动态构造sql示例:
Java代码 
- String xsql = "select * from user where 1=1
- /~ and username = {username} ~/
- /~ and password = {password} ~/
- /~ and age = [age] ~/
- /~ and sex = [sex] ~/"
- Map filters = new HashMap();
- filters.put("username", "badqiu");
- filters.put("age", "12");
- filters.put("sex", "");
- XsqlFilterResult result = xsqlBuilder.applyFilters(xsql,filters);
String xsql = "select * from user where 1=1
/~ and username = {username} ~/
/~ and password = {password} ~/
/~ and age = [age] ~/
/~ and sex = [sex] ~/"
Map filters = new HashMap();
filters.put("username", "badqiu");
filters.put("age", "12");
filters.put("sex", "");
XsqlFilterResult result = xsqlBuilder.applyFilters(xsql,filters);
构造生成的结果result.getXsql()将会等于
Sql代码
- select * fromuserwhere 1=1 and username={username} and age=12
select * from user where 1=1 and username={username} and age=12
被过滤删除的段: /~ and password = {password} ~/这一段由于在filters中password不存在而没有被构造出来 /~ and sex = [sex] ~/由于sex的值为空串也没有被构造出来
最后result.acceptedFilters值
Java代码
- Map acceptedFilters = result.getAcceptedFilters();
- 会等于:
- {username=badqiu}
Map acceptedFilters = result.getAcceptedFilters();
会等于:
{username=badqiu}
相关符号介绍:
/~ segment... ~/ 为一个条件代码块 {key} 过滤器中起标记作用的key,作为后面可以替换为sql的?,或是hql的:username标记 [key] 将直接替换为key value
数据类型转换示例:
select * from user where and 1=1 /~ age={age?int} ~/ 将会将Map filters中key=age的值转换为int类型
项目地址:http://code.google.com/p/rapid-xsqlbuilder/
下载地址:http://rapid-xsqlbuilder.googlecode.com/files/xsqlbuilder-1.0.zip
声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。