MyBatis 中通过参数设置 FROM 子句
我在文档中看不到任何与我的问题相关的内容,并且在部署它后,我的应用程序无法正常工作(稍后会详细介绍)。我正在尝试做类似
<select id="getLookupRows" parameterType="map" resultMap="lookupMap">
select id, name, active, valid
from #{table}
</select>
MyBatis 的事情。我有许多具有共享列的查找表,因此视图级别的用户决定最终使用哪个查找表。当我尝试执行 getLookupRows 时出现的错误是
Cause: org.apache.ibatis.executor.ExecutorException: There was no TypeHandler found for parameter table of statement info.pureshasta.mapper.LookupMapper.getLookupRows
org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:8)
org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:77)
org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:69)
org.apache.ibatis.binding.MapperMethod.executeForList(MapperMethod.java:85)
org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:65)
org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:38)
$Proxy15.getLookupRows(Unknown Source)
info.pureshasta.service.FieldTitleService.getLookupRows(FieldTitleService.java:33)
我的映射器接口如下:
List<Lookup> getLookupRows(@Param("specificColumn") String specificColumn,
@Param("table") String table);
所以我们知道我正在尝试将字符串传递给此查询,没有什么特别的。我有特定的专栏,因为那将是我的下一个任务。实际上,每个查找表的一列都是唯一的,因此我必须调用适当的 SpecificColumn,但如果表参数和 FROM 子句能够正常工作,我会非常高兴。
I haven't been able to see anything in the documentation which speaks to my question, and upon deploying it, my app does not quite work right (more on that in a sec). I am trying to do something like
<select id="getLookupRows" parameterType="map" resultMap="lookupMap">
select id, name, active, valid
from #{table}
</select>
in MyBatis. I have a number of lookup tables that have shared columns and so the user at the view level determines which lookup table is ultimately used. The error I get when I try to execute getLookupRows is
Cause: org.apache.ibatis.executor.ExecutorException: There was no TypeHandler found for parameter table of statement info.pureshasta.mapper.LookupMapper.getLookupRows
org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:8)
org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:77)
org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:69)
org.apache.ibatis.binding.MapperMethod.executeForList(MapperMethod.java:85)
org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:65)
org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:38)
$Proxy15.getLookupRows(Unknown Source)
info.pureshasta.service.FieldTitleService.getLookupRows(FieldTitleService.java:33)
My mapper interface is as follows:
List<Lookup> getLookupRows(@Param("specificColumn") String specificColumn,
@Param("table") String table);
so we know that I am trying to pass a String to this query, nothing special. I have the specific column, because that will be my next task. Really one of the columns of each of the lookup tables is unique, and so I have to call the appropriate specificColumn, but I would be really happy if I could the table parameter and the FROM clause working.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
就可以了。与实际注入列名和表的值然后说出列值有不同的表示法。如果要在 where 子句中注入值,则正确使用 # 符号。
如果此查询中用于表的值未转义,则可能会发生 SQL 注入问题。对于我的用例,数据库先于我,虽然我可以对 Java 和视图部分做任何我想做的事情,但我不允许更改表的基本结构。
如果有人想进一步解释我得到的堆栈跟踪(即 myBatis 思想表是什么类型),我很乐意阅读并接受进一步的教育。
does the trick. There is a different notation from actually injecting in a value for the column name and table then say the column value. If you are injecting a value in a where clause, then the # notation is the correct to use.
If the value used for table in this query is not escaped then SQL injection problems can occur. For my use case, the DB preceded me and while I can do whatever I want to the Java and View portions, I am not allowed to alter the fundamental structures of the tables.
If anyone wants to further explain the stack trace I got (i.e. what type myBatis thought table was) I would love to read and be further educated.