Hibernate 命名查询的表名问题
我在 Hibernate 中有以下命名查询:
<sql-query name="CreateLogTable">
CREATE TABLE IF NOT EXISTS :tableName (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`url` VARCHAR (750) NOT NULL,
`query` VARCHAR (500),
`ipaddress` VARCHAR (39),
`datetime` DATETIME NOT NULL,
`hits` MEDIUMINT UNSIGNED DEFAULT '0' NOT NULL,
`path_id` VARCHAR (8),
PRIMARY KEY(`id`),
UNIQUE(`id`),
INDEX(`id`,`query`,`datetime`,`path_id`)
) TYPE = MyISAM
</sql-query>
然后我尝试使用以下行执行此行(常量指向正确的项目):
getSession().getNamedQuery(CREATE_SQL).setString(CREATE_SQL_TABLE_NAME_PARAM, "wibble").executeUpdate();
现在,当我执行代码时,我收到有关即将到来的表名的 SQL 错误out 被引号包围:
CREATE TABLE IF NOT EXISTS 'wibble' (
如果我采用生成的查询并在表名周围不带引号的情况下尝试,则查询工作正常。 这只是引起我问题的那些引用。
所以我的问题是:我需要使用什么来代替 setString 来确保我的参数不被引号包围? 我尝试过 setParameter 但没有成功,并且我无法从 API 中找到任何更好的替代方案。
感谢您的任何意见, 李
I've got the following named query in Hibernate:
<sql-query name="CreateLogTable">
CREATE TABLE IF NOT EXISTS :tableName (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`url` VARCHAR (750) NOT NULL,
`query` VARCHAR (500),
`ipaddress` VARCHAR (39),
`datetime` DATETIME NOT NULL,
`hits` MEDIUMINT UNSIGNED DEFAULT '0' NOT NULL,
`path_id` VARCHAR (8),
PRIMARY KEY(`id`),
UNIQUE(`id`),
INDEX(`id`,`query`,`datetime`,`path_id`)
) TYPE = MyISAM
</sql-query>
I am then trying to execute this line using the following line (constants point to correct items):
getSession().getNamedQuery(CREATE_SQL).setString(CREATE_SQL_TABLE_NAME_PARAM, "wibble").executeUpdate();
Now when I execute the code, I get an SQL error regarding the table name which is coming out surrounded by quotes:
CREATE TABLE IF NOT EXISTS 'wibble' (
If I take the generated query and try it without the quotes around the table name, the query works fine. It's just those quotes causing my issue.
So my question is: What do I need to use instead of setString to make sure that my parameter isn't surrounded by quotes? I've tried setParameter with no luck and I couldn't spot any better alternative from the API.
Thanks for any input,
Lee
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为您不能将命名参数用于数据库标识符(例如表名)。 仅值表达式。 如果允许,它会让你容易受到 SQL 注入攻击。 作为替代方案,您可以使用 Java 构建查询。
I don't think you can use named parameters for database identifiers like table names. Only value expressions. If it were allowed, it would make you susceptible to SQL injection attacks. As an alternative, you could construct the query in Java.
您使用什么数据库类型? 有些数据库是区分大小写的(实际上除了微软的之外大多数都是区分大小写的)。 因此,名为“wibble”的表与“WiBbLe”不同,并且仍然与“WIBBLE”不同。
当您创建名为 wibble 且不带引号的表时,大多数数据库(例如 Oracle)都会将此表创建为全部大写“WIBBLE”的表。 当您查询它时,您可以像这里一样使用它:
数据库会将其解释为“WIBBLE”,并且没有问题。
持久性提供者似乎总是将其放在引号中。 为了使引用的名称与创建时的名称相同,您应该将其大写。 所以试试这个:
这应该创建带有“WIBBLE”的语句,它应该与不带引号的 wibble 相同。
What database type are you using? Some databases are case sensitive (Actually most are except Microsoft's). So the table named 'wibble' is different from 'WiBbLe' and still different from 'WIBBLE'.
When you create a table named wibble with no quotes, most databases such as Oracle create this as the table named in all caps 'WIBBLE'. When you query it you use it as you do here:
The database would interpret this as 'WIBBLE' and there is no problem.
The persistence provider seems to always put this in quotes. To make the quoted name the same as it was created as, you should capitalize it. So try this:
That should create the statement with 'WIBBLE' which should be the same as wibble with no quotes.