为什么 org.hibernate.JDBCException 不打印堆栈跟踪中的 sql 语句
当 org.hibernate.JDBCException 发生(或该异常的子类型)时,sql 语句在 Stacktrace 中不可见。
例如,如果我使用 hibernate 执行以下 SQL 语句(在没有表或视图“nonexsiting”的 Oracle DB 上):
session.createSQLQuery("select * from nonexisting").list();
我得到以下堆栈跟踪:
org.hibernate.exception.SQLGrammarException: could not execute query
at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:90)
...
Caused by: java.sql.SQLSyntaxErrorException: ORA-00942: Table or view does not exist
...
SQL 语句未显示在堆栈跟踪中,但是 Exception 对象具有存储的信息可以通过exception.getSQL()访问。如果堆栈跟踪中也提供此信息,那么将极大地加快调试速度。
有人知道为什么此信息在堆栈跟踪中不可用吗?或者如何在堆栈跟踪中启用此信息的输出?
顺便说一下,我在这个例子中使用的 hibernate 版本是 3.3.1
When an org.hibernate.JDBCException occurrs (or a Subtype of this Exception) the sql statement is not visible in the Stacktrace.
For Example if i execute the following SQL statement with hibernate (on an Oracle DB which does not have a table or view 'nonexsiting'):
session.createSQLQuery("select * from nonexisting").list();
i get the following stacktrace:
org.hibernate.exception.SQLGrammarException: could not execute query
at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:90)
...
Caused by: java.sql.SQLSyntaxErrorException: ORA-00942: Table or view does not exist
...
The SQL statement is not shown in the stacktrace, however the Exception object has the information stored and can be accessed by exception.getSQL(). It would extremely speed up debugging if this information would be available in the stacktrace too.
Anybody an idea why this information is not available in the stacktrace? Or how to enable the output of this information in the stacktrace?
By the way the hibernate version i used for this example is 3.3.1
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为这可能是一个安全问题。如果将 sql 语句添加到堆栈跟踪中,它可能会发布给用户,从而为他提供有关表名和列的信息。如果您的应用程序容易受到 SQL 注入攻击,这对于入侵者来说将是一个非常大的好处。
I assume that it could be a security issue. If you add the sql statement to the stack trace, it might be published to a user and so give him information about your table names and columns. If your application is vulnerable to sql injection, this would be a really big benefit for intruders.
因为这不是它的实施方式。请参阅 HB-1055。
Spring 和实现 < 的类code>PersistenceExceptionTranslator 可能会提供更接近您期望的内容。
Because that's not how it has been implemented. See HB-1055.
Spring and the classes implementing
PersistenceExceptionTranslatormight provide something closer to your expectations.