Google Datastore 查询 *User* 类型时出现问题
在这个问题上,我解决了查询Google的问题数据存储区按用户(com.google.appengine.api.users.User)检索内容,如下所示:
User user = userService.getCurrentUser();
String select_query = "select from " + Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter("author == paramAuthor");
query.declareParameters("java.lang.String paramAuthor");
greetings = (List<Greeting>) query.execute(user);
上面的工作正常 - 但经过一番混乱后,我意识到这种语法不太实用,因为需要构建更复杂的查询出现 - 所以我决定手动构建我的过滤器,现在我得到了类似以下内容的东西(其中过滤器通常作为字符串变量传入,但现在为了简单起见是内联构建的):
User user = userService.getCurrentUser();
String select_query = "select from " + Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter("author == '"+ user.getEmail() +"'");
greetings = (List<Greeting>) query.execute();
显然,即使这样也行不通支持 field = 'value' 语法由 JDOQL 编写,它在其他字段(字符串类型和枚举)上运行良好。 另一个奇怪的事情是,查看应用程序引擎仪表板中的数据查看器,“作者”字段存储为 User 类型,但值是“[email protected]',然后当我将其设置为参数时(上面的情况工作正常)我声明参数作为字符串,然后传递一个 User (用户)实例,该实例使用简单的 toString() 进行序列化(我猜)。
有人有什么想法吗?
On this question I solved the problem of querying Google Datastore to retrieve stuff by user (com.google.appengine.api.users.User) like this:
User user = userService.getCurrentUser();
String select_query = "select from " + Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter("author == paramAuthor");
query.declareParameters("java.lang.String paramAuthor");
greetings = (List<Greeting>) query.execute(user);
The above works fine - but after a bit of messing around I realized this syntax in not very practical as the need to build more complicated queries arises - so I decided to manually build my filters and now I got for example something like the following (where the filter is usually passed in as a string variable but now is built inline for simplicity):
User user = userService.getCurrentUser();
String select_query = "select from " + Greeting.class.getName();
Query query = pm.newQuery(select_query);
query.setFilter("author == '"+ user.getEmail() +"'");
greetings = (List<Greeting>) query.execute();
Obviously this won't work even if this syntax with field = 'value' is supported by JDOQL and it works fine on other fields (String types and Enums). The other strange thing is that looking at the Data viewer in the app-engine dashboard the 'author' field is stored as type User but the value is '[email protected]', and then again when I set it up as parameter (the case above that works fine) I am declaring the parameter as a String then passing down an instance of User (user) which gets serialized with a simple toString() (I guess).
Anyone any idea?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在查询语言中使用字符串替换始终是一个坏主意。 对于用户来说,突破并扰乱您的环境太容易了,并且它引入了一系列编码问题等。
您之前的参数替换方法有什么问题? 据我所知,它支持一切,并且回避任何解析问题。 至于知道要传递多少个参数的问题,您可以使用 Query.executeWithMap 或 Query.executeWithArray 来执行具有未知数量参数的查询。
Using string substitution in query languages is always a bad idea. It's far too easy for a user to break out and mess with your environment, and it introduces a whole collection of encoding issues, etc.
What was wrong with your earlier parameter substitution approach? As far as I'm aware, it supports everything, and it sidesteps any parsing issues. As far as the problem with knowing how many arguments to pass goes, you can use Query.executeWithMap or Query.executeWithArray to execute a query with an unknown number of arguments.