在Spring Data JPA中进行参数化查询以创建一个引发缺少用户或角色名称异常的用户 [英] Parameterized queries to create a user throwing missing user or role name exception in Spring Data JPA

问题描述

我正在尝试通过使用本机查询的spring data jpa在Oracle数据库中创建用户，但是失败并出现以下错误:缺少用户或角色名称异常

I am trying to create users in Oracle database using spring data jpa using native queries but it is failing with the error : missing user or role name exception

@Query(value="create user :userName identified by \"Qwert123!\"",nativeQuery=true)
void createUser(@Param("userName")String userName);

我偶然发现了一个类似的问题:

I stumbled upon a similar question : Parameterized queries to create a user throwing missing user or role name exception

如何使参数化查询在我的情况下起作用?

How can I make the parameterized queries work in my case?

推荐答案

首先，由于该方法正在执行DDL语句，因此需要向该方法添加@Modifying批注.

First you need to add an @Modifying annotation to that method since it is executing a DDL statement.

但是我也不认为用户名可以在SQL中作为参数传递，因此实际上您必须编写一个自定义方法，在其中使用String串联来汇编语句. 这样做时，请确保正确清理了该参数，并且您没有创建自己的 SQL注入漏洞.

But also I don't think the username can be passed as a parameter in SQL, so you actually have to write a custom method where you assemble the statement using String concatenation. When doing so make sure that the parameter is properly sanitized and you don't create yourself a SQL injection vulnerability.

这篇关于在Spring Data JPA中进行参数化查询以创建一个引发缺少用户或角色名称异常的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！