Thank you for providing us a good book. Looking forward to reading it. I have a few questions.
What is your view on Criteria API effectively handling SQL injection attacks?
Is the performance of Criteria API better when compared to JPQL or HQL?
Is there a possibility to invoke stored procedures in versions prior to JPA 2.1? It seems difficult to use native SQL queries because it does not support stored procedures that have OUTPUT or INOUT parameters.
Hibernate uses PreparedStatements for every SQL statement that is executed, so, as long as you don't concatenate SQL strings, you should be fine with JPQL, Criteria API, and native queries too.
I find JPQL much more expressive than Criteria API. However, Criteria API is the right tool for building dynamic entity queries programmatically and in a type-safe way.
This way, JPQL and Criteria API are complementary, not competing one against each other.
Criteria API creates more objects than JPQL, so the performance penalty comes only from more work being done by GC.
JPA 2.1 allows you to call stored procedures, check out this article that I wrote, and ParameterMode supports IN, OUT, INOUT and REF_CURSOR too.
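To make the reply's three points concrete (bind parameters are what keep JPQL, Criteria API and native queries safe; Criteria API is the tool for dynamic, type-safe queries; JPA 2.1's StoredProcedureQuery with ParameterMode handles OUT parameters), here is an added example that is not part of the thread or of any project the posters mention. It assumes a minimal `Post` entity with `title` and `status` fields and a database procedure named `count_posts_by_status` taking one IN and one OUT parameter; both are constructed for illustration. The package is `javax.persistence` as in JPA 2.1; on Jakarta Persistence it is `jakarta.persistence`.

```java
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.ParameterMode;
import javax.persistence.StoredProcedureQuery;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.ParameterExpression;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.util.ArrayList;
import java.util.List;

// Constructed entity for the example; not from the thread.
@Entity
class Post {
    @Id private Long id;
    private String title;
    private String status;
}

public class PostQueries {

    // UNSAFE: the caller's value is spliced into the query text, so the
    // PreparedStatement Hibernate creates cannot protect it. The JPQL parser
    // treats whatever was typed (including quotes) as part of the statement.
    public static List<Post> findByTitleConcatenated(EntityManager em, String title) {
        String jpql = "select p from Post p where p.title = '" + title + "'";
        return em.createQuery(jpql, Post.class).getResultList();
    }

    // SAFE: the statement text is fixed; the value is sent as a bind parameter.
    public static List<Post> findByTitleJpql(EntityManager em, String title) {
        return em.createQuery("select p from Post p where p.title = :title", Post.class)
                 .setParameter("title", title)
                 .getResultList();
    }

    // SAFE native SQL: same rule, positional bind parameter instead of concatenation.
    public static List<Post> findByTitleNative(EntityManager em, String title) {
        return em.createNativeQuery("select * from post where title = ?1", Post.class)
                 .setParameter(1, title)
                 .getResultList();
    }

    // SAFE and dynamic: Criteria API assembles the WHERE clause from whichever
    // filters the caller supplied, binding every value via a ParameterExpression.
    // This is the case where Criteria API beats hand-built JPQL strings.
    public static List<Post> search(EntityManager em, String title, String status) {
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<Post> cq = cb.createQuery(Post.class);
        Root<Post> post = cq.from(Post.class);

        ParameterExpression<String> titleParam = cb.parameter(String.class, "title");
        ParameterExpression<String> statusParam = cb.parameter(String.class, "status");
        List<Predicate> where = new ArrayList<>();
        if (title != null) where.add(cb.equal(post.<String>get("title"), titleParam));
        if (status != null) where.add(cb.equal(post.<String>get("status"), statusParam));
        cq.select(post).where(where.toArray(new Predicate[0]));

        TypedQuery<Post> query = em.createQuery(cq);
        if (title != null) query.setParameter(titleParam, title);
        if (status != null) query.setParameter(statusParam, status);
        return query.getResultList();
    }

    // JPA 2.1 stored procedure call with an OUT parameter (assumed procedure
    // count_posts_by_status(IN status, OUT count)). Positional registration is
    // the most portable across drivers.
    public static int countByStatus(EntityManager em, String status) {
        StoredProcedureQuery sp = em.createStoredProcedureQuery("count_posts_by_status");
        sp.registerStoredProcedureParameter(1, String.class, ParameterMode.IN);
        sp.registerStoredProcedureParameter(2, Integer.class, ParameterMode.OUT);
        sp.setParameter(1, status);
        sp.execute();
        return (Integer) sp.getOutputParameterValue(2);
    }
}
```

The only method that differs in its SQL-injection posture is `findByTitleConcatenated`: every other method keeps the statement text constant and passes user input through `setParameter`, which is exactly the "don't concatenate SQL strings" condition in the reply. A quick detection check for a code base is to grep query-building code for string concatenation or `String.format` feeding `createQuery`/`createNativeQuery`, since that is the pattern the PreparedStatement cannot help with.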