SQLGrammarException:无法执行查询
我正在使用Struts2和Hibernate并在使用字符串test搜索数据时遇到错误,但在使用数字111搜索时对我有用。 我从bean类中获取此值,并在bean类中定义了字符串类型的属性。
下面我提供的代码:
public String retrieveRecords() { String empId = p.getEmpId(); String paramValue = ""; if(empId !=null) if(!(empId.isEmpty())) paramValue =" where b.empId="+empId; String empName = p.getEmployeeName(); if(empName !=null && empName != "") { if(!(empName.isEmpty())){ if(paramValue == "") paramValue =" where b.employeeName="+empName; else paramValue =paramValue + " and b.employeeName="+empName; } } System.out.println("=========paramvalues===="+paramValue); recList = (List) session.createQuery("from RequestBean b"+paramValue).list(); request.setAttribute("rec", recList); System.out.println("got size"+recList); return SUCCESS; }
豆类:
public class RequestBean { private Long id; private String empId; private String employeeName; private String employeeType; private String personnalNumber; private String contactNumber; private String companyName; private String address; private String remarks; private String empStatus = "E"; private Date joiningDate = null; private Date created; /************* Getters ************************/ public Long getId() { return id; } public String getEmpId() { return empId; } public String getEmployeeName() { return employeeName; } public String getEmployeeType() { return employeeType; } public String getPersonnalNumber() { return personnalNumber; } public String getContactNumber() { return contactNumber; } public String getCompanyName() { return companyName; } public String getAddress() { return address; } public String getRemarks() { return remarks; } public Date getJoiningDate() { return joiningDate; } public String getEmpStatus() { return empStatus; } public Date getCreated() { return created; } /******************* Setters ***************************/ public void setId(Long id) { this.id = id; } public void setEmpId(String empId) { this.empId = empId; } public void setEmployeeName(String employeeName) { this.employeeName = employeeName; } public void setEmployeeType(String employeeType) { this.employeeType = employeeType; } public void setPersonnalNumber(String personnalNumber) { this.personnalNumber = personnalNumber; } public void setContactNumber(String contactNumber) { this.contactNumber = contactNumber; } public void setCompanyName(String companyName) { this.companyName = companyName; } public void setAddress(String address) { this.address = address; } public void setRemarks(String remarks) { this.remarks = remarks; } public void setJoiningDate(Date joiningDate) { this.joiningDate = joiningDate; } public void setEmpStatus(String empStatus) { this.empStatus = empStatus; } public void setCreated(Date created) { this.created = created; } }
制图:
<!-- -->
错误:
org.hibernate.exception.SQLGrammarException: could not execute query org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:90) org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66) org.hibernate.loader.Loader.doList(Loader.java:2231) org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2125) org.hibernate.loader.Loader.list(Loader.java:2120) org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:401) org.hibernate.hql.ast.QueryTranslatorImpl.list(QueryTranslatorImpl.java:361) org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java:196) org.hibernate.impl.SessionImpl.list(SessionImpl.java:1148) org.hibernate.impl.QueryImpl.list(QueryImpl.java:102) com.ims.DAO.RequestControllerDAO.retrieveRecords(RequestControllerDAO.java:60) sun.reflect.GeneratedMethodAccessor76.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) java.lang.reflect.Method.invoke(Unknown Source) ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:891) ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1293) ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:68) com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethodWithDebugInfo(XWorkMethodAccessor.java:117) com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethod(XWorkMethodAccessor.java:108) ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1369) ognl.ASTMethod.getValueBody(ASTMethod.java:90) ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) ognl.SimpleNode.getValue(SimpleNode.java:258) ognl.Ognl.getValue(Ognl.java:494) ognl.Ognl.getValue(Ognl.java:458)
抛出SQLGrammarException是因为Hibernate生成的SQL查询具有错误的SQL语法。 构建查询的方式是错误的,您不应该将值(特别是字符串值)连接到结果查询,因为此类代码易受可能的SQL注入攻击。 相反,您可以在查询字符串中使用参数
String empId = p.getEmpId(); String paramValue = ""; if (empId !=null && !empId.isEmpty()) paramValue = " where b.empId=:empId"; String empName = p.getEmployeeName(); if (empName !=null && !empName.isEmpty()) { if (paramValue == "") paramValue =" where b.employeeName=:empName"; else paramValue =paramValue + " and b.employeeName=:empName"; } System.out.println("=========paramvalues===="+paramValue); Query query = session.createQuery("from RequestBean b"+paramValue); //now set parameter values if(empId !=null && !empId.isEmpty()) query.setParameter("empId", empId); if(empName !=null && !empName.isEmpty()) query.setParameter("empName", empName); recList = (List) query.list();
您的hql到sql转换查询正在生成:
"where employeeName=Name"
虽然它应该产生:
"where employeeName='Name'".
所以你的hql应该是:
"where b.employeeName= ' " +empName+ " ' ";
注意:您不需要对整数值执行此操作,仅适用于String变量。