Thursday, January 19, 2012

Java Lessons [3]


3. Hibernate:
People have forever been zealous about jumping onto new technologies while still hanging on to obsolete ideas. I just noticed some code written for Hibernate in which the HQL was formed by appending several HQL fragments together, and then the parameters as well. I thought we were done with this, having identified security issues like SQL injection and the complete failure to utilize any caching mechanism offered by Hibernate or even the database.
Use Criteria to handle these dynamic queries; at least it will be clean and secure. Hibernate can even cache these internally, if the DB does not.
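
An added example, not code from the original post: the appended-HQL pattern next to the same dynamic search written with Criteria, using the legacy `org.hibernate.Criteria` API that was current when this was written. The `Customer` entity, the `CustomerSearchDao` class and its method names are hypothetical, and the entity mapping is assumed to exist.

```java
import java.util.List;
import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.criterion.MatchMode;
import org.hibernate.criterion.Restrictions;

// Hypothetical DAO, used only for this illustration.
public class CustomerSearchDao {

    // The pattern criticised above: HQL fragments and parameter values are
    // appended into one string, so user input becomes part of the query
    // grammar and every distinct value yields a different query text.
    @SuppressWarnings("unchecked")
    public List<Customer> findConcatenated(Session session, String name, String city) {
        StringBuilder hql = new StringBuilder("from Customer c where 1=1");
        if (name != null) {
            hql.append(" and c.name like '").append(name).append("%'");
        }
        if (city != null) {
            hql.append(" and c.city = '").append(city).append("'");
        }
        return session.createQuery(hql.toString()).list();
    }

    // The same dynamic filter with Criteria: optional restrictions are added
    // as objects and the values are bound as parameters, never parsed as HQL.
    @SuppressWarnings("unchecked")
    public List<Customer> findWithCriteria(Session session, String name, String city) {
        Criteria criteria = session.createCriteria(Customer.class);
        if (name != null) {
            // '%' and '_' inside the value still act as LIKE wildcards.
            criteria.add(Restrictions.like("name", name, MatchMode.START));
        }
        if (city != null) {
            criteria.add(Restrictions.eq("city", city));
        }
        // Takes effect only when hibernate.cache.use_query_cache=true.
        criteria.setCacheable(true);
        return criteria.list();
    }
}

// Hypothetical entity; its mapping (annotations or hbm.xml) is assumed.
class Customer {
    private Long id;
    private String name;
    private String city;
}
```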
