谷歌数据存储问题与查询*用户*类型 [英] Google Datastore problem with query on *User* type
问题描述
在这个问题上,我解决了问题查询Google Datastore以按用户(com.google.appengine.api.users.User)检索内容:
用户user = userService.getCurrentUser();
String select_query =select from+ Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter(author == paramAuthor);
query.declareParameters(java.lang.String paramAuthor);
greetings =(List< Greeting>)query.execute(user);
上述工作正常 - 但经过一些混乱之后,我意识到这种语法并不实用,需要构建更复杂的查询 - 因此我决定手动构建我的过滤器,现在我得到了类似以下的示例(过滤器通常以字符串变量的形式传入,但现在为简单起见已内置内联) p>
User user = userService.getCurrentUser();
String select_query =select from+ Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter(author =='+ user.getEmail()+');
greetings =(List< Greeting>)query.execute();
很明显,即使这个语法 field ='value '是受JDOQL支持并且它在其他字段(字符串类型和枚举)上工作正常。另一个奇怪的问题是,在应用程序引擎仪表板中查看数据查看器的'author'字段存储为类型为 User 但值为'user@gmail.com',然后再次我将它设置为参数(上面的情况很好)我将参数声明为String,然后传递User(user)的实例,该实例通过简单的 toString()(我猜)。
任何人有什么想法?
在查询语言中使用字符串替换始终是一个坏主意。这对用户来说太容易了,而且会破坏你的环境,并且引入了一系列编码问题等。
你以前的参数有什么问题替代方法?据我所知,它支持一切,它回避任何分析问题。至于知道要传递多少个参数的问题,您可以使用Query.executeWithMap或Query.executeWithArray来执行含有未知数量参数的查询。
On this question I solved the problem of querying Google Datastore to retrieve stuff by user (com.google.appengine.api.users.User) like this:
User user = userService.getCurrentUser();
String select_query = "select from " + Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter("author == paramAuthor");
query.declareParameters("java.lang.String paramAuthor");
greetings = (List<Greeting>) query.execute(user);
The above works fine - but after a bit of messing around I realized this syntax in not very practical as the need to build more complicated queries arises - so I decided to manually build my filters and now I got for example something like the following (where the filter is usually passed in as a string variable but now is built inline for simplicity):
User user = userService.getCurrentUser();
String select_query = "select from " + Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter("author == '"+ user.getEmail() +"'");
greetings = (List<Greeting>) query.execute();
Obviously this won't work even if this syntax with field = 'value' is supported by JDOQL and it works fine on other fields (String types and Enums). The other strange thing is that looking at the Data viewer in the app-engine dashboard the 'author' field is stored as type User but the value is 'user@gmail.com', and then again when I set it up as parameter (the case above that works fine) I am declaring the parameter as a String then passing down an instance of User (user) which gets serialized with a simple toString() (I guess).
Anyone any idea?
Using string substitution in query languages is always a bad idea. It's far too easy for a user to break out and mess with your environment, and it introduces a whole collection of encoding issues, etc.
What was wrong with your earlier parameter substitution approach? As far as I'm aware, it supports everything, and it sidesteps any parsing issues. As far as the problem with knowing how many arguments to pass goes, you can use Query.executeWithMap or Query.executeWithArray to execute a query with an unknown number of arguments.
这篇关于谷歌数据存储问题与查询*用户*类型的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
