在Hibernate查询上查询setParameter [英] Chaning setParameter on Hibernate Query

问题描述

正如你所看到的，我有两个命名参数，一个由setParameterList（）设置，另一个由setParmeter（）设置。问题是List没有被排序。当我明确地设置订单字段时，它可以正常工作，但是相同的字符串正在传递给它不起作用的方法。是不是setParameter和setParameterList链接？他们都返回一个查询，我不明白为什么不。我缺少什么？

  public List< Subject> getSubjectsByMedium（String orda，Medium ... medium）{
 List< Subject> subject（）。currentSession（）。createQuery（from Subject where in medium in（：medium）order by：orda）。setParameterList（medium，medium）.setParameter（orda，orda）.list（）; 
返回主题; 
 
  

解决方案

不，这不是问题方法链接。问题是您不能使用命名参数在HQL（或SQL）查询中设置 ORDER 。

您需要分别构建查询字符串，然后在创建的 Query 对象上设置：medium 命名参数。

 字符串查询=从主题where介质在（：medium）order by+ orda; 
  

这可能会让您容易受到SQL注入攻击。

As you can see I have two named parameters, one being set by setParameterList() and one being set by setParmeter(). The problem is the List is not being ordered. When I set the order field explicitly it works fine, but the same string is being passed into the method it doesn't work. Is it that setParameter and and setParameterList can't be chained? They both return a query do I don't see why not. What am I missing?

public List<Subject> getSubjectsByMedium(String orda, Medium... medium) {
    List<Subject> subjects = currentSession().createQuery("from Subject where medium in(:medium) order by :orda").setParameterList("medium", medium).setParameter("orda", orda).list();
    return Subjects;
}

解决方案

No, it's not a problem of method chaining. The problem is you can't use named parameters to set the ORDER in an HQL (or SQL) query.

You'll need to build the query String separately and then set the :medium named parameter on the created Query object.

String query = "from Subject where medium in(:medium) order by " + orda;

This does possibly leave you vulnerable to SQL injection.

这篇关于在Hibernate查询上查询setParameter的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！