hql语句中like查询 对于 / ' " % 的处理

 

public List searchByParas(String authId, String resourceId, Integer state,Integer value, String description) {log.debug("finding KiiUaResAuth instance by example");try {description = description.replace("//", "//////").replace("%", "//%").replace("'", "''");StringBuffer hql = new StringBuffer("from KiiUaResAuth as k join k.id.resource as r where k.description like '%"+ description + "%'");if (authId != "") {hql.append(" and k.id.authId='" + authId + "'");}if (resourceId != "") {hql.append(" and r.resourceId='" + resourceId + "'");}if (state != null) {hql.append(" and k.resAuthState=" + state);}if (value != null) {hql.append(" and k.value=" + value);}if (description.indexOf("//") >= 0) {hql.append(" escape '/'");}List results = getHibernateTemplate().find(hql.toString());log.debug("find by example successful, result size: "+ results.size());List toresult = new ArrayList();Object[] objlist = null;if (results.size() != 0) {for (int i = 0; i < results.size(); i++) {Object objs = results.get(i);objlist = (Object[]) objs;if (objlist[0] != null) {toresult.add((KiiUaResAuth) objlist[0]);}}}return toresult;} catch (RuntimeException re) {log.error("find by example failed", re);throw new SystemException("UA1202");}}