67,515
社区成员
发帖
与我相关
我的任务
分享hql语句查询参数数组的问题
public long getTotalUser(long userID)
{
String hql = "from User t where t.userId =? and t.userName is not null" ;
return find(hql,new Object[]{userID}).size();
}
这个方法在查询的时候,查询结果会报错:
com.sun.jdi.InvalidTypeException: Generated value (long) is not compatible with declared type (java.lang.Object). occurred while setting value in array.
把数组修改成new long[]{userID}后,同样报错:
An exception occurred: java.lang.ClassCastException
方法修改成如下,方法可以正常执行,但是这样的写法可以防sql注入吗?如果不能,上面的方法中参数该怎么处理?
public long getTotalUser(long userID)
{
String hql = "from User t where t.userId = " + userID + " and t.userName is not null" ;
return find(hql).size();
}
{
String hql = "from User t where t.userId =? and t.userName is not null" ;
return find(hql,new Object[]{userID}).size();
}
这个方法在查询的时候,查询结果会报错:
com.sun.jdi.InvalidTypeException: Generated value (long) is not compatible with declared type (java.lang.Object). occurred while setting value in array.
把数组修改成new long[]{userID}后,同样报错:
An exception occurred: java.lang.ClassCastException
方法修改成如下,方法可以正常执行,但是这样的写法可以防sql注入吗?如果不能,上面的方法中参数该怎么处理?
public long getTotalUser(long userID)
{
String hql = "from User t where t.userId = " + userID + " and t.userName is not null" ;
return find(hql).size();
}
...全文
请发表友善的回复…
发表回复
Spring89 2014-04-02
- 打赏
- 举报
不要用createQuery,不要用find,find只是用来做简单的查询!
