Hibernate parameter binding examples
Without parameter binding, you have to concatenate the parameter String like this (bad code):
String hql = "from Stock s where s.stockCode = '" + stockCode + "'";
List result = session.createQuery(hql).list();
Passing an unchecked value from user input to the database raises a security concern, because the query can easily be attacked through SQL injection. Avoid the bad code above and use parameter binding instead.
Hibernate parameter binding
There are two ways to bind parameters: named parameters or positional parameters.
1. Named parameters
This is the most common and user-friendly way. It uses a colon followed by a parameter name (:example) to define a named parameter. See examples…
Example 1 – setParameter
The setParameter is smart enough to discover the parameter data type for you.
String hql = "from Stock s where s.stockCode = :stockCode";
List result = session.createQuery(hql)
    .setParameter("stockCode", "7277")
    .list();
Example 2 – setString
You can use setString to tell Hibernate that this parameter's data type is String.
String hql = "from Stock s where s.stockCode = :stockCode";
List result = session.createQuery(hql)
    .setString("stockCode", "7277")
    .list();
Example 3 – setProperties
This feature is great! You can pass an object into the parameter binding. Hibernate will automatically check the object's properties and match them with the colon parameters.
Stock stock = new Stock();
stock.setStockCode("7277");
String hql = "from Stock s where s.stockCode = :stockCode";
List result = session.createQuery(hql)
    .setProperties(stock)
    .list();
2. Positional parameters
It uses a question mark (?) to define a positional parameter, and you have to set your parameters according to their position in the query. See example…
String hql = "from Stock s where s.stockCode = ? and s.stockName = ?";
List result = session.createQuery(hql)
    .setString(0, "7277")
    .setParameter(1, "DIALOG")
    .list();
This approach does not support the setProperties function. In addition, it breaks easily, because every change in the position of the bind parameters requires a change to the parameter binding code.
String hql = "from Stock s where s.stockName = ? and s.stockCode = ?";
List result = session.createQuery(hql)
    .setParameter(0, "DIALOG")
    .setString(1, "7277")
    .list();
Conclusion
In Hibernate parameter binding, I would recommend always going for named parameters, as they are easier to maintain, and the compiled SQL statement can be reused (if only the bind parameters change) to increase performance.
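The difference between the concatenated query and the named-parameter query above, run side by side against the same input. This is an added example, not code from the original article. It assumes Hibernate 5.x (javax.persistence annotations) and the H2 driver on the classpath; the BindingDemo class, the annotated Stock entity and the sample rows are constructed for illustration.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;

public class BindingDemo {
    // Constructed entity for this example; the article's own Stock mapping is not shown.
    @Entity(name = "Stock")
    public static class Stock {
        @Id String stockCode;
        String stockName;
        Stock() {}
        Stock(String code, String name) { stockCode = code; stockName = name; }
    }

    public static void main(String[] args) {
        // Assumption: in-memory H2 database, schema generated from the entity.
        SessionFactory sf = new Configuration()
            .setProperty("hibernate.connection.driver_class", "org.h2.Driver")
            .setProperty("hibernate.connection.url", "jdbc:h2:mem:demo")
            .setProperty("hibernate.hbm2ddl.auto", "create-drop")
            .addAnnotatedClass(Stock.class)
            .buildSessionFactory();
        Session session = sf.openSession();
        try {
            session.beginTransaction();
            session.save(new Stock("7277", "DIALOG"));   // constructed sample rows
            session.save(new Stock("1155", "MAYBANK"));
            session.getTransaction().commit();

            // Constructed untrusted input: its quotes close the string literal early.
            String stockCode = "x' or '1'='1";

            // Concatenation: the input is parsed as HQL, so it rewrites the where clause.
            String bad = "from Stock s where s.stockCode = '" + stockCode + "'";
            List<?> concatenated = session.createQuery(bad).list();

            // Binding: the same input is sent as one value and compared literally.
            String good = "from Stock s where s.stockCode = :stockCode";
            List<?> bound = session.createQuery(good).setParameter("stockCode", stockCode).list();

            System.out.println("concatenated rows: " + concatenated.size() + ", bound rows: " + bound.size());
        } finally {
            session.close();
            sf.close();
        }
    }
}
```

A check of this shape works well as a regression test: any query method that returns rows for an input containing quote characters it should not match is building HQL from strings.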