如何在 Groovy 中将 PL/SQL to_date 与变量一起使用?
我有以下 Groovy 小脚本,它只计算数据库中特定日期的行数。
import groovy.sql.Sql
def today= new GregorianCalendar()
def dateString = "${today.get(Calendar.MONTH)+1}/${today.get(Calendar.DAY_OF_MONTH)-1}/${today.get(Calendar.YEAR)}"
def sql = Sql.newInstance("jdbc:oracle:thin:bc/bc@nemesis:1521:billctr", "bc","bc", "oracle.jdbc.OracleDriver")
def sqlLine = "select count(id) as count from bc_payment where trunc(paymentdate) = to_date(${dateString}, \'MM/DD/YYYY\')"
println(sqlLine)
def payCount = sql.execute(sqlLine)
println payCount
to_date 需要在传入的日期周围加上单引号。如果我不加它们,我会收到 SQLException: Invalid column type 但如果我在变量周围加上 \',我会收到来自 Groovy 的
WARNING: In Groovy SQL please do not use quotes around dynamic expressions (which start with $) as this means we cannot use a JDBC PreparedStatement and so is a security hole. Groovy has worked around your mistake but the security hole is still there. The expression so far is: select count(id) as count from bc_payment where trunc(paymentdate) = to_date('?', 'MM/DD/YYYY')
警告在没有 to_date 或以不同方式格式化变量的情况下执行此操作的更好方法?我是 Groovy 的新手,所以欢迎提出任何建议。提前致谢!
I've got the following small Groovy script that just does a count of rows in the database for a specific date.
import groovy.sql.Sql
def today= new GregorianCalendar()
def dateString = "${today.get(Calendar.MONTH)+1}/${today.get(Calendar.DAY_OF_MONTH)-1}/${today.get(Calendar.YEAR)}"
def sql = Sql.newInstance("jdbc:oracle:thin:bc/bc@nemesis:1521:billctr", "bc","bc", "oracle.jdbc.OracleDriver")
def sqlLine = "select count(id) as count from bc_payment where trunc(paymentdate) = to_date(${dateString}, \'MM/DD/YYYY\')"
println(sqlLine)
def payCount = sql.execute(sqlLine)
println payCount
to_date requires single-quotes around the date you pass in. If I leave them off, I get SQLException: Invalid column type but if I put \' around the variable, I get a warning from Groovy
WARNING: In Groovy SQL please do not use quotes around dynamic expressions (which start with $) as this means we cannot use a JDBC PreparedStatement and so is a security hole. Groovy has worked around your mistake but the security hole is still there. The expression so far is: select count(id) as count from bc_payment where trunc(paymentdate) = to_date('?', 'MM/DD/YYYY')
Is there a better way of doing this without to_date or formatting the variable differently? I'm new to Groovy so any suggestions are welcome. Thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
尝试以下操作(我希望我没有引入语法错误,这里没有 Groovy...)
编辑:替换
为
Try the following (I hope I haven't introduced a syntax error, no Groovy here...)
Edit: replaced
with
有类似问题的开发人员较晚回答。
我发现问题可以通过更改声明来解决:
...它将 sqlLine 创建为 GStringImpl 对象。相反,如果您像这样声明 sqlLine:
... 我们会内联解析变量并接收一个 String 对象。这样 groovy.sql.Sql 永远不会知道我们动态创建了 sql。
Late answer by a developer with similar problems.
I found that the problem was could be fixed by changing the declaration:
... which creates sqlLine as a GStringImpl-object. If instead you declare sqlLine like this:
... we resolve the variables inline and receive a String-object. This way groovy.sql.Sql never know that we created the sql dynamically.
实际上,您可以执行以下操作从数据源读取 sql 实例参数:
我使用 Oracle TO_DATE 和 TO_TIMESTAMP 函数。就我而言,情况如下:
Actually you can read the sql instance parameters from the DataSource doing the followng:
I use Oracle TO_DATE and TO_TIMESTAMP function. In my case it is as follows: