Hibernate之关于HQL语句参数的绑定

参数绑定优点：

（1）安全性

  防止用户恶意输入条件和恶意调用存储过程

（2）提高性能

  底层采用JDBC的PreparedStatement预定义sql功能，后期查询直接从缓存中获取执行

一，参数绑定两种方式

（1）命名参数形式

命名参数以':'开头，通过Query提供的类型绑定方法，绑定参数

实例：

package com.lanhuigu.hibernate.test;import java.util.List;import org.hibernate.Query;import org.hibernate.Session;import org.hibernate.SessionFactory;import org.hibernate.Transaction;import org.hibernate.cfg.Configuration;import com.lanhuigu.hibernate.entity.Customer;public class TestHQL {public static void main(String[] args) throws Exception{Configuration cfg = new Configuration().configure();SessionFactory sessionFactory = cfg.buildSessionFactory();Session session = sessionFactory.openSession();Transaction tr = session.beginTransaction();//1.创建Query对象与Query query = session.createQuery("from Customer where name=:v_name and email = :v_email order by name desc");//降序,desc不可以去掉，去掉就升序了//2.命名参数动态绑定查询条件query.setString("v_name", "test");query.setString("v_email", "123456789@qq.com");//3.分页query.setFirstResult(0);//从什么位置开始，默认为0query.setMaxResults(1);//最多检出的条数//4.执行SQLList list = query.list();//5.输出结果for (int i = 0;i<list.size();i++) {Customer customer = (Customer) list.get(i);System.out.println(customer.getName());}//6.事务提交tr.commit();//7.关闭sessionsession.close();}}

控制台结果：

Hibernate: select customer0_.ID as ID1_0_, customer0_.NAME as NAME2_0_, customer0_.EMAIL as EMAIL3_0_, customer0_.PASSWORD as PASSWORD4_0_, customer0_.PHONE as PHONE5_0_, customer0_.ADDRESS as ADDRESS6_0_, customer0_.SEX as SEX7_0_, customer0_.IS_MARRIED as IS8_0_, customer0_.DESCRIPTION as DESCRIPT9_0_, customer0_.IMAGE as IMAGE10_0_, customer0_.BIRTHDAY as BIRTHDA11_0_, customer0_.REGISTERED_TIME as REGISTE12_0_, customer0_.HOME_PROVINCE as HOME13_0_, customer0_.HOME_CITY as HOME14_0_, customer0_.HOME_STREET as HOME15_0_, customer0_.HOME_ZIPCODE as HOME16_0_, customer0_.COMP_PROVINCE as COMP17_0_, customer0_.COMP_CITY as COMP18_0_, customer0_.COMP_STREET as COMP19_0_, customer0_.COMP_ZIPCODE as COMP20_0_ from CUSTOMERS customer0_ where customer0_.NAME=? and customer0_.EMAIL=? order by customer0_.NAME desc limit ?test

（2）位置参数形式

位置参数以'?'表示位置，位置从0开始，同样通过Query接口提供的方法设定对应位置参数的值

实例：

package com.lanhuigu.hibernate.test;import java.util.List;import org.hibernate.Query;import org.hibernate.Session;import org.hibernate.SessionFactory;import org.hibernate.Transaction;import org.hibernate.cfg.Configuration;import com.lanhuigu.hibernate.entity.Customer;public class TestHQL {public static void main(String[] args) throws Exception{Configuration cfg = new Configuration().configure();SessionFactory sessionFactory = cfg.buildSessionFactory();Session session = sessionFactory.openSession();Transaction tr = session.beginTransaction();//1.创建Query对象与Query query = session.createQuery("from Customer where name=? and email =? order by name desc");//降序,desc不可以去掉，去掉就升序了//2.位置表示参数绑定query.setString(0, "test");query.setString(1, "123456789@qq.com");//3.分页query.setFirstResult(0);//从什么位置开始，默认为0query.setMaxResults(1);//最多检出的条数//4.执行SQLList list = query.list();//5.输出结果for (int i = 0;i<list.size();i++) {Customer customer = (Customer) list.get(i);System.out.println(customer.getName());}//6.事务提交tr.commit();//7.关闭sessionsession.close();}}

控制台结果：

Hibernate: select customer0_.ID as ID1_0_, customer0_.NAME as NAME2_0_, customer0_.EMAIL as EMAIL3_0_, customer0_.PASSWORD as PASSWORD4_0_, customer0_.PHONE as PHONE5_0_, customer0_.ADDRESS as ADDRESS6_0_, customer0_.SEX as SEX7_0_, customer0_.IS_MARRIED as IS8_0_, customer0_.DESCRIPTION as DESCRIPT9_0_, customer0_.IMAGE as IMAGE10_0_, customer0_.BIRTHDAY as BIRTHDA11_0_, customer0_.REGISTERED_TIME as REGISTE12_0_, customer0_.HOME_PROVINCE as HOME13_0_, customer0_.HOME_CITY as HOME14_0_, customer0_.HOME_STREET as HOME15_0_, customer0_.HOME_ZIPCODE as HOME16_0_, customer0_.COMP_PROVINCE as COMP17_0_, customer0_.COMP_CITY as COMP18_0_, customer0_.COMP_STREET as COMP19_0_, customer0_.COMP_ZIPCODE as COMP20_0_ from CUSTOMERS customer0_ where customer0_.NAME=? and customer0_.EMAIL=? order by customer0_.NAME desc limit ?test

二，Query接口提供绑定以下类型的参数

query.setBinary() 绑定映射类型为binary的参数

query.setByte() 绑定映射类型为byte的参数

query.setBoolean() 绑定映射类型为boolean的参数

query.setBigInteger() 绑定映射类型为integer的参数

query.setBigDecimal() 绑定映射类型为decimal的参数

query.setCharacter() 绑定映射类型为character的参数

query.setCalendar() 绑定映射类型为calendar的参数

query.setDate() 绑定映射类型为date的参数

query.setDouble() 绑定映射类型为double的参数

query.setString() 绑定映射类型为string的参数

query.setText() 绑定映射类型为text的参数

query.setTime() 绑定映射类型为time的参数

query.setTimestamp() 绑定映射类型为timestamp的参数

以上方法均重载成两种形式，命名绑定和位置绑定

三，Hibernate三种特殊绑定参数

（1）setEntity()：绑定实体

实例,根据关联关系：

Customer customer=(Customer)session.load(Customer.class,"1");Query query=session.createQuery("from Order order where order.customer=:customer ");query. setEntity("customer",customer);List list=query.list();

执行结果：

Select * from order where customer_ID='1';

（2）setParameter()：绑定任意类型参数

实例：

package com.lanhuigu.hibernate.test;import java.util.List;import org.hibernate.Query;import org.hibernate.Session;import org.hibernate.SessionFactory;import org.hibernate.Transaction;import org.hibernate.cfg.Configuration;import com.lanhuigu.hibernate.entity.Customer;public class TestHQL {public static void main(String[] args) throws Exception{Configuration cfg = new Configuration().configure();SessionFactory sessionFactory = cfg.buildSessionFactory();Session session = sessionFactory.openSession();Transaction tr = session.beginTransaction();//1.创建Query对象与Query query = session.createQuery("from Customer where name=:v_name and IS_MARRIED=:V_IS_MARRIED order by name desc");//降序,desc不可以去掉，去掉就升序了//2.setParameter()绑定任意类型的参数query.setParameter("v_name", "test");//stringquery.setParameter("V_IS_MARRIED", 0);//boolean//3.分页query.setFirstResult(0);//从什么位置开始，默认为0query.setMaxResults(1);//最多检出的条数//4.执行SQLList list = query.list();//5.输出结果for (int i = 0;i<list.size();i++) {Customer customer = (Customer) list.get(i);System.out.println(customer.getName());}//6.事务提交tr.commit();//7.关闭sessionsession.close();}}

执行结果：

Hibernate: select customer0_.ID as ID1_0_, customer0_.NAME as NAME2_0_, customer0_.EMAIL as EMAIL3_0_, customer0_.PASSWORD as PASSWORD4_0_, customer0_.PHONE as PHONE5_0_, customer0_.ADDRESS as ADDRESS6_0_, customer0_.SEX as SEX7_0_, customer0_.IS_MARRIED as IS8_0_, customer0_.DESCRIPTION as DESCRIPT9_0_, customer0_.IMAGE as IMAGE10_0_, customer0_.BIRTHDAY as BIRTHDA11_0_, customer0_.REGISTERED_TIME as REGISTE12_0_, customer0_.HOME_PROVINCE as HOME13_0_, customer0_.HOME_CITY as HOME14_0_, customer0_.HOME_STREET as HOME15_0_, customer0_.HOME_ZIPCODE as HOME16_0_, customer0_.COMP_PROVINCE as COMP17_0_, customer0_.COMP_CITY as COMP18_0_, customer0_.COMP_STREET as COMP19_0_, customer0_.COMP_ZIPCODE as COMP20_0_ from CUSTOMERS customer0_ where customer0_.NAME=? and IS_MARRIED=? order by customer0_.NAME desc limit ?test

（3）setProperties()：绑定对象属性，参数名必须与实体属性名一致

实例：

package com.lanhuigu.hibernate.test;import java.util.List;import org.hibernate.Query;import org.hibernate.Session;import org.hibernate.SessionFactory;import org.hibernate.Transaction;import org.hibernate.cfg.Configuration;import com.lanhuigu.hibernate.entity.Customer;public class TestHQL {public static void main(String[] args) throws Exception{Configuration cfg = new Configuration().configure();SessionFactory sessionFactory = cfg.buildSessionFactory();Session session = sessionFactory.openSession();Transaction tr = session.beginTransaction();//1.创建Query对象与Query query = session.createQuery("from Customer where name=:name and IS_MARRIED=:married order by name desc");//降序,desc不可以去掉，去掉就升序了//2.setProperties()绑定对象属性Customer customerParam = new Customer();customerParam.setName("test");customerParam.setMarried(false);query.setProperties(customerParam);//3.分页query.setFirstResult(0);//从什么位置开始，默认为0query.setMaxResults(1);//最多检出的条数//4.执行SQLList list = query.list();//5.输出结果for (int i = 0;i<list.size();i++) {Customer customer = (Customer) list.get(i);System.out.println(customer.getName());}//6.事务提交tr.commit();//7.关闭sessionsession.close();}}

执行结果：

Hibernate: select customer0_.ID as ID1_0_, customer0_.NAME as NAME2_0_, customer0_.EMAIL as EMAIL3_0_, customer0_.PASSWORD as PASSWORD4_0_, customer0_.PHONE as PHONE5_0_, customer0_.ADDRESS as ADDRESS6_0_, customer0_.SEX as SEX7_0_, customer0_.IS_MARRIED as IS8_0_, customer0_.DESCRIPTION as DESCRIPT9_0_, customer0_.IMAGE as IMAGE10_0_, customer0_.BIRTHDAY as BIRTHDA11_0_, customer0_.REGISTERED_TIME as REGISTE12_0_, customer0_.HOME_PROVINCE as HOME13_0_, customer0_.HOME_CITY as HOME14_0_, customer0_.HOME_STREET as HOME15_0_, customer0_.HOME_ZIPCODE as HOME16_0_, customer0_.COMP_PROVINCE as COMP17_0_, customer0_.COMP_CITY as COMP18_0_, customer0_.COMP_STREET as COMP19_0_, customer0_.COMP_ZIPCODE as COMP20_0_ from CUSTOMERS customer0_ where customer0_.NAME=? and IS_MARRIED=? order by customer0_.NAME desc limit ?test