I have a criteria query that uses some params entered by the user, such

Question

0

Asked: May 26, 20262026-05-26T22:46:50+00:00 2026-05-26T22:46:50+00:00

I have a criteria query that uses some params entered by the user, such

0

I have a criteria query that uses some params entered by the user, such as:

def query = MyTable.createCriteria()
def myQueryResult = query.list() {
   if (params.minToInvestMin)
                ge('minimalToInvest', params.minToInvestMin.toBigDecimal())
   if (params.minToInvestMax)
                le('minimalToInvest', params.minToInvestMax.toBigDecimal())
}

I have read the Grails doc on the subject as well as some other articles, but it only speaks about HQL way to avoid SQL injections.

Does criteria uses HQL in the backscene?
Or more directly, is this type of criteria query safe to SQL injections?

I am fairly new to security matters.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T22:46:51+00:00

Editorial Team

2026-05-26T22:46:51+00:00Added an answer on May 26, 2026 at 10:46 pm

Yes, the criteria statements in your example are safe from injection.

Criteria statements are just a convenient builder for Hibernate’s Criteria API, so any query you construct with it is afforded all of the same behavior.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a criteria query that uses some params entered by the user, such

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply