Java 这样使用Spring规范谓词安全吗?
我有以下代码:Java 这样使用Spring规范谓词安全吗?,java,spring,spring-data-jpa,Java,Spring,Spring Data Jpa,我有以下代码: private static Specification<Entity> caseInsensitiveLike(SingularAttribute<Entity, String> field, String searchParameter) { return (root, query, cb) -> { Predicate predicate = null; if (searchPar
private static Specification<Entity> caseInsensitiveLike(SingularAttribute<Entity, String> field, String searchParameter) {
return (root, query, cb) -> {
Predicate predicate = null;
if (searchParameter != null) {
predicate = cb.like(
cb.upper(root.get(field)),
"%" + searchParameter.toUpperCase() + "%");
}
query.orderBy(cb.desc(root.get(ExternalPatientEntity_.dateCreated)));
return predicate;
};
}
私有静态规范caseInsensitiveLike(SingularAttribute字段,String searchParameter){
返回(根、查询、cb)->{
谓词=null;
if(searchParameter!=null){
谓词=cb.like(
cb.upper(root.get(field)),
“%”+searchParameter.toUpperCase()+“%”;
}
orderBy(cb.desc(root.get(externalpatiententy_uu.dateCreated));
返回谓词;
};
}
我是否正确地理解了将不受控制的客户端提供的输入放在内置查询中,或者将其设置为jdbc语句的参数