Wrong. Using named queries means that (at least with sensible persistence engines) that your queries are parsed at startup time (technically when the persistence engine is instantiated). Your application fails early, and that is a good thing.
There is a further idea lurking below, so read on!
Consider the following code (Spring-/Hibernate-y, but the principle is general):
public User findUserByName(String username) {
return (User)getHibernateTemplate().find("select from User u where u.username = '" + username + "'");
}
Leaving aside the obvious stupidity of using string concatenation to construct queries (can you say "SQL injection"?), there is a further problem here.
Look at the User class:
@Entity
public class User {
@Id @GeneratedValue public Long id;
public String userName;
}
Spot the problem.
The above query will fail at runtime, with an error message along the lines of "failed to find property username of User"; the capitalization is wrong.
Of course, you will catch this during testing. You will, right? Right?
But why not let the engine catch it for you?
@Entity
@NamedQuery(name="User.byName", query="select from User u where u.userName = :username")
public class User {
@Id @GeneratedValue public Long id;
public String userName;
}
Any errors in the query will be reported at startup time. However, we introduce another failure point: What if you mistype the query name when using it? Or, for that matter, when defining it - I've done both?
public User findUserByName(String username) {
return (User)getHibernateTemplate().findByNamedQueryAndNamedParam("User.byname", "username", username);
}
But we have a compiler; introduce a constant and let it do the work for us!
@Entity
@NamedQuery(name=User.BY_NAME, query="select from User u where u.userName = :username")
public class User {
public static final String BY_NAME = "User.byName";
@Id @GeneratedValue public Long id;
public String userName;
}
public User findUserByName(String username) {
return (User)getHibernateTemplate().findByNamedQueryAndNamedParam(User.BY_NAME, "username", username);
}
End of problem.
Of course, you still have to remember how many parameters a query takes and what their names are. If I come up with a solution, you'll be the first to know.
No comments:
Post a Comment