This post originated from an RSS feed registered with Java Buzz
by Geoffrey Wiseman.
Original Post: Hibernate: Case Insensitive Searches
Feed Title: Furious Purpose
Feed URL: http://www.jroller.com/diathesis/feed/entries/rss
Feed Description: Thoughts and experiences on technology and software.
It's just been one of those days. I want a simple case-insensitive search in
Hibernate 2.X, which ... has turned out to be surprisingly painful.
Functions: Database and JDBC Scalar Escapes
Hibernate supports using database-specific functions like UPPER(), but I can't
find any sign that it does or does not support JDBC function escape syntax that
would be somewhat more cross-platform. I have the feeling I've looked for this
before.
Criteria Api
Since I'd rather not make my queries database-specific, I thought I'd check in
the criteria API to see if there was any support there. It seems that there is:
the EqExpression class supports an 'ignoreCase' parameter. Unfortunately, since
that isn't exposed through the Expression facade (e.g. Expression.eq())), this
took me more time to discover.
Criteria MatchMode.EXACT
However, I also discovered something unexpected that could lead to some minor
vulnerabilities in applications that use Hibernate.
Hibernate enables you to perform like and case-insensitive like expressions using
Expression.like(). You can apply MatchMode to indicate if you want the expression
to be found at the start, at the end, or to be an exact match, and MatchMode will
put the requisite '%' wildcards in place for you.
What I've discovered is that MatchMode.EXACT does only half of what I had expected;
it doesn't add any wildcards, but doesn't escape any wildcards that you might have
already inserted. This capability is useful -- If I want to search for LIKE 'J%Smith',
I can. I'm just worried that some developers might expect, as I had, that EXACT
means that wildcards are not in play, and accidentally expose more power to their
users than they had intended.
Previous Topic
