英文:
Pass native query as String to @Query
问题
我有一个查询需要首先构造为字符串。
StringBuilder query = new StringBuilder();
query.append(....);
query.append(....);
我想将此查询作为本地查询传递,就像这样:
myTableRepository.insertData(query.toString());
因此在 MyTableRepository 中,我可以像通常使用 @Query 注解使用本地查询。
这种做法可行吗?
附言:由于某些遗留问题,我不使用 createNative(),也不想使用 EntityManager。
英文:
I've a query which needs to be constructed as String first.
StringBuilder query = new StringBuilder();
query.append(....);
query.append(....);
I want to pass this query as a native query, like:
myTableRepository.insertData(query.toString());
So in MyTableRepository I can use it like we generally use native queries using @Query annotation.
Is it possible?
P.S. - I'm not using createNative(), due to some legacy issue, I don't want to use EntityManager.
答案1
得分: 2
我认为这是不可能的,它会使您的代码容易受到JPQL注入攻击,从数据库优化器的角度来看,这会导致性能下降,因为它每次都必须创建查询。您可以使用Criteria查询来构建安全的动态查询。
英文:
I don't think it is possible , it will exposes your code to jpql injection attack, and from perspective of DB optimizer it cause bad performance cause it have to create query each time. You can use Criteria query to build safe dynamic query.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论