msql表名带$符号
我在 Mysql 5 db 中有一些表,其名称以美元符号“$”为前缀 即 tablename $MYTABLE
我正在使用 Spring 3.0 JdbcTemplate 来执行我的选择查询,但无法让它工作。
即
String tablename = "$AAPL";
private static final String STOCK_SELECT =
"select symbol, open, high, low, close, vol, ev from ?";
jdbcTemplate.query(STOCK_SELECT,
new Object[] { tablename },
new RowMapper() { .... } );
这总是会抛出 InvalidSqlException,大概是因为 $ 符号。 如果我只是做一个没有参数的普通查询,即。
private static final String STOCK_SELECT =
"select symbol, open, high, low, close, vol, ev from $AAPL";
然后一切正常。
如何使用 jdbcTemplate 转义 $ 符号?
-- 编辑,我最终做了什么 --
我没有将表名“$AAPL”传递给 jdbcTemplate,而是手动创建 SQL 字符串,即
jdbcTemplate.query( getStockSelect("$AAPL", .., .. ));
I have tables in Mysql 5 db with names prefixed with a dollar sign '$'
ie tablename $MYTABLE
I am using Spring 3.0 JdbcTemplate to do my select query but couldn't get it to work.
ie
String tablename = "$AAPL";
private static final String STOCK_SELECT =
"select symbol, open, high, low, close, vol, ev from ?";
jdbcTemplate.query(STOCK_SELECT,
new Object[] { tablename },
new RowMapper() { .... } );
This will always throws InvalidSqlException, presumably because of the $ sign.
If I just do a normal query with no param, ie.
private static final String STOCK_SELECT =
"select symbol, open, high, low, close, vol, ev from $AAPL";
Then everything works.
How can I escape the $ sign using jdbcTemplate?
-- Edit, what I ended up doing --
Instead of passing the table name "$AAPL" to jdbcTemplate, I just create the SQL string manually, i.e.
jdbcTemplate.query( getStockSelect("$AAPL", .., .. ));
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
SQL 支持分隔标识符,因此您可以使用标点符号、空格、特殊符号、国际字符或 SQL 关键字作为表名或列名。
请参阅我过去对不同数据库使用不同名称引用吗?<的回答/a>
在 MySQL 中,使用反引号:
或者将 SQL_MODE 设置为 ANSI 模式并使用双引号:
您不能在 SQL 中使用
?占位符作为表名。这只是语言不支持的。您只能在通常可以使用文字值(例如整数或单引号字符串)的地方使用参数。SQL supports delimited identifiers so you can use punctuation, white space, special symbols, international characters, or SQL keywords as table names or column names.
See my past answer to Do different databases use different name quote?
In MySQL, use back-quotes:
Or set SQL_MODE to ANSI mode and use double-quotes:
You can't use a
?placeholder for a table name in SQL. That's just not supported by the language. You can use a parameter only where you could normally use a literal value, like an integer or a single-quoted string.表和列名称/标识符等数据库信息并不意味着参数化。 MySQL 使用反引号 (`) 作为表和列名称/标识符。您的参数化查询可能会这样:
我不知道有任何用于参数化/转义标识符的标准 API。如果可以的话,我建议您将其静态地放置在那里。由于它们是相同的列,因此对表进行分区也可能是一种选择。最后,如果您仍然需要它是动态的,则必须自己转义表名称,我建议仅将其从白名单中拉入。
您可能需要查看 mysql 文档,了解如何转义标识符。
Database information like table and column names/identifers are not meant to be parameterized. MySQL uses the backtick (`) for table and column names/identifiers. Your parameterized query is probably going in as:
I'm not aware of any standard API for parameterizing/escaping identifiers like that. I'd recommend, if you can, just to have it in there statically. Since they're the same columns partitioning the table might also be an option. Finally, if you still need it to be dynamic, you'll have to escape the table name yourself, I'd recommend only pulling it in from a whitelist.
You may want to take a look at the mysql documentation on how to escape identifiers.