10.5. Using EL in EJB-QL/HQL
Seam proxies the EntityManager or Session object whenever you use a Seam-managed persistence context or inject a container-managed persistence context with @PersistenceContext. This lets you safely and efficiently use EL expressions in your query strings. For example, this:
User user = (User) em.createQuery("from User where username=#{user.username}").getSingleResult();
is equivalent to:
User user = (User) em.createQuery("from User where username=:username").setParameter("username", user.getUsername()).getSingleResult();
Warning
Do not use the format below, because it is vulnerable to SQL injection attacks, as well as being inefficient.
User user = (User) em.createQuery("from User where username=" + user.getUsername()).getSingleResult(); //BAD!
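The following added example (not Seam source code, and not part of the original documentation) sketches the kind of rewrite the equivalence above implies: each #{...} expression is replaced by a named parameter and its value is carried separately for binding. The class name ElQueryRewriteDemo, the generated parameter names el1, el2, ... and the resolver function are assumptions made for illustration; it needs Java 16 or later.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Illustration only: a hypothetical stand-in for what a query proxy could do.
public class ElQueryRewriteDemo {
    private static final Pattern EL = Pattern.compile("#\\{([^}]+)\\}");

    /** Rewritten query text plus the values to bind, keyed by parameter name. */
    record Rewritten(String query, Map<String, Object> params) {}

    static Rewritten rewrite(String ql, Function<String, Object> elResolver) {
        Matcher m = EL.matcher(ql);
        StringBuilder out = new StringBuilder();
        Map<String, Object> params = new LinkedHashMap<>();
        while (m.find()) {
            // Generated parameter name (assumption: el1, el2, ...).
            String name = "el" + (params.size() + 1);
            // The EL value is evaluated and kept apart from the query text.
            params.put(name, elResolver.apply(m.group(1).trim()));
            m.appendReplacement(out, Matcher.quoteReplacement(":" + name));
        }
        m.appendTail(out);
        return new Rewritten(out.toString(), params);
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for user.getUsername();
        // the embedded quote is what breaks a concatenated string literal.
        String username = "O'Brien";
        Function<String, Object> resolver =
            expr -> expr.equals("user.username") ? username : null;

        Rewritten r = rewrite("from User where username=#{user.username}", resolver);
        // The query text never contains the value, whatever characters it holds.
        System.out.println(r.query());
        // Each entry would be bound with Query.setParameter(name, value).
        System.out.println(r.params());

        // Concatenation places the same value inside the query text, where
        // its quote character is parsed as query syntax instead of data.
        System.out.println("from User where username='" + username + "'");
    }
}
```

Because the rewritten query text is the same for every value, the persistence provider can also reuse the parsed query, which is the efficiency point the warning above refers to.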