<select id="getAllScore" resultClass="score" parameterClass="java.util.List">
    SELECT * FROM score WHERE id IN
        <iterate open="(" close=")" conjunction=",">
            #value[]#
        </iterate>
</select>


You can define a list in the parameterClass. But what about a array? You cannot define array like int[] in the parameter class. Most surprising thing is, for an array you do not have to define a parameterClass in iBATIS. If nothing is defined as parameterClass then it is considered as Array.

If you want to iterate over an array with then the following code works fine. Every array elements will be printed in the code #[]#.

<select id="getAllScore" resultClass="score">
    SELECT * FROM score WHERE id IN
        <iterate open="(" close=")" conjunction=",">
            #[]#
        </iterate>
</select>

By: Md. Shahjalal

Even the idea site is misleading to the solution of this problem. They ask to follow a solution from stack overflow site. But that is not a solution too.

Solution:From idea’s Run/Debug configuration click on browse besides “Prefer Android Virtual Device for deployment”. Then from “Select Android Virtual Device” screen click on Android SDK Manage Then from Android SDK Manager, click on Tools and choose Manage AVDs. Then from Android Virtual Device Manage Click New and create the AVD for version 4.

Now run the project for version 4. Hello World.

By: Md. Shahjalal


public enum Employee {
    PART_TIME,
    FULL_TIME;
}


Now if you want to compare the Enum value in jsp if tag directly like following,

<c:if test="${bean.employee == '<%=Employee.PART_TIME%>'}">
.........
</c:if>


JSP generates error. But if you assign the value to a variable and compare then this is allowed as following


<c:set var="partTime" value="<%=Employee.PART_TIME%>"/>
<c:if test="${bean.employee == partTime'}">
.........
</c:if>


By Md. Shahjalal

Scenario: For showing list of Clients with pagination (max 10 per page).
def list = {
if(!params.max) params.max = 10
[clientList: Client.list(params)]
}


Possible Attack: Changing the max value to 100000000 in the request

Result: Query result loads 100000000 client data and again occurs an out of memory error

Possible Solutions in Groovy and Grails:
def list = {
params.max = Math.min( params.max?.toInteger() ?: 0, 100)
[clientList: Client.list(params)]
}

at worst case it will load just 100 records.

Reference: The Definite Guide to Grails, 2nd Edition

Scenario: We have a client object with not null last name. A search query like following:
search = {
Client.findAll("from Client where lastName='"+ params.lastName +"'")
}

Possible Attack:
if param.lastName = ‘ or id > 0 send with request the query becomes:
search = {
Client.findAll("from Client where lastName='' or id > 0")
}

Result:
All the client from the database will be fetched and resulted out of memory error

Possible Solutions in Groovy and Grails:

search = {
Client.findAll("from Client where lastName= :lastName", [lastName: params.lastName)
}
or
search = {
Client.findAll("from Client where lastName= ?", [lastName: params.lastName)
}
or
Client.withCriteria {
eq('lastName', params.lastName)
}
or
Client.findAllByLastName(params.lastName)

Reference: Definite Guide to Grails, 2nd Edition