Java JPA查询中的sql查询生成器?
我用java做了一个搜索工具Java JPA查询中的sql查询生成器?,java,sql,jpa,Java,Sql,Jpa,我用java做了一个搜索工具 String query = "SELECT * FROM Customer WHERE 1 = 1 "; if (!firstname.isEmpty()) query += "AND cName = '" + firstname + "' "; if (!lastname.isEmpty()) query += "AND cLastName = '" + lastname + "'
String query = "SELECT * FROM Customer WHERE 1 = 1 ";
if (!firstname.isEmpty()) query += "AND cName = '" + firstname + "' ";
if (!lastname.isEmpty()) query += "AND cLastName = '" + lastname + "' ";
if (!epost.isEmpty()) query += "AND cEpost = '" + epost + "' ";
if (!phonenumber.isEmpty()) query += "AND cPhonenumber '" + phonenumber + "' ";
如果所有这些参数都有值,则输出:
SELECT * FROM Customer WHERE 1 = 1
AND cName = 'test'
AND cLastName = 'test1'
AND cEpost = 'test2'
AND cPhonenumber 'test3'
这样我可以通过填写更多的数据来获得更好的结果,但我仍然可以选择不这样做。。我需要一个JPA的解决方案。。有什么建议吗
谢谢
编辑:基于以下答案的最终结果:
public static List<Customer> searchCustomersByParameters(String firstname, String lastname,
String epost, String phonenumber) {
String sql = "SELECT c FROM Customer c WHERE 1 = 1 ";
if (!firstname.isEmpty()) sql += "AND c.cName = :firstname ";
if (!lastname.isEmpty()) sql += "AND c.cLastName = :lastname ";
if (!epost.isEmpty()) sql += "AND c.cEpost = :epost ";
if (!phonenumber.isEmpty()) sql += "AND c.cPhonenumber = :phonenumber";
Query q = em.createQuery(sql);
if (!firstname.isEmpty()) q.setParameter("firstname", firstname);
if (!lastname.isEmpty()) q.setParameter("lastname", lastname);
if (!epost.isEmpty()) q.setParameter("epost", epost);
if (!phonenumber.isEmpty()) q.setParameter("phonenumber", phonenumber);
return q.getResultList();
}
public static List searchCustomerByParameters(字符串firstname、字符串lastname、,
字符串epost,字符串phonenumber){
String sql=“从客户c中选择c,其中1=1”;
如果(!firstname.isEmpty())sql+=“和c.cName=:firstname”;
如果(!lastname.isEmpty())sql+=“和c.lastname=:lastname”;
如果(!epost.isEmpty())sql+=“和c.cEpost=:epost”;
如果(!phonenumber.isEmpty())sql+=“和c.cPhonenumber=:phonenumber”;
Query q=em.createQuery(sql);
if(!firstname.isEmpty())q.setParameter(“firstname”,firstname);
if(!lastname.isEmpty())q.setParameter(“lastname”,lastname);
if(!epost.isEmpty())q.setParameter(“epost”,epost);
if(!phonenumber.isEmpty())q.setParameter(“phonenumber”,phonenumber);
返回q.getResultList();
}
使用什么?和设置参数以防止sql注入,在JPA中,您可以像旧方法一样使用本机sql,也可以使用JPQL。按条件生成sql并设置参数。我在这里使用where 1=1条件,以便通过和轻松附加下一个条件。否则,您将很难将“where”附加到sql中
按本地人:
public static List<YourEntity> getFromTable(String name,String surname) {
EntityManager em = PersistenceManager.instance().createEntityManager();
try {
String sql = " select * from table where 1=1 ";
if(name!=null && !name.trim().isEmpty()){
sql +=" and name = :name";
}
if(surname!=null && !surname.trim().isEmpty()){
sql +=" and surname = :surname";
}
Query q = em.createNativeQuery(sql);
if(name!=null && !name.trim().isEmpty()){
q.setParameter("name", name);
}
if(surname!=null && !surname.trim().isEmpty()){
q.setParameter("surname", surname);
}
List<YourEntity> l = q.getResultList();
return l;
} finally {
em.close();
}
}
公共静态列表getFromTable(字符串名称、字符串姓氏){
EntityManager em=PersistenceManager.instance().createEntityManager();
试一试{
String sql=“从表中选择*,其中1=1”;
if(name!=null&&!name.trim().isEmpty()){
sql+=“和name=:name”;
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
sql+=“和姓氏=:姓氏”;
}
Query q=em.createNativeQuery(sql);
if(name!=null&&!name.trim().isEmpty()){
q、 setParameter(“名称”,名称);
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
q、 setParameter(“姓氏”,姓氏);
}
List l=q.getResultList();
返回l;
}最后{
em.close();
}
}
由jpql编写:
public static List<YourEntity> getFromTable(String name,String surname) {
EntityManager em = PersistenceManager.instance().createEntityManager();
try {
String sql = " select e from YourEntity e where 1=1 ";
if(name!=null && !name.trim().isEmpty()){
sql +=" and e.name = :name";
}
if(surname!=null && !surname.trim().isEmpty()){
sql +=" and e.surname = :surname";
}
Query q = em.createQuery(sql);
if(name!=null && !name.trim().isEmpty()){
q.setParameter("name", name);
}
if(surname!=null && !surname.trim().isEmpty()){
q.setParameter("surname", surname);
}
List<YourEntity> l = q.getResultList();
return l;
} finally {
em.close();
}
}
公共静态列表getFromTable(字符串名称、字符串姓氏){
EntityManager em=PersistenceManager.instance().createEntityManager();
试一试{
String sql=“从实体e中选择e,其中1=1”;
if(name!=null&&!name.trim().isEmpty()){
sql+=“和e.name=:name”;
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
sql+=“和e.姓氏=:姓氏”;
}
Query q=em.createQuery(sql);
if(name!=null&&!name.trim().isEmpty()){
q、 setParameter(“名称”,名称);
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
q、 setParameter(“姓氏”,姓氏);
}
List l=q.getResultList();
返回l;
}最后{
em.close();
}
}
虽然当然可以使用字符串连接创建动态SQL,但一种类型更安全、风险更小(就SQL注入而言)的方法是使用
public static List searchCustomerByParameters(字符串firstname、字符串lastname、,
字符串epost,字符串phonenumber){
var qb=em.getCriteriaBuilder();
var query=qb.createQuery(Customer.class);
var root=query.from(Customer.class);
查询。选择(根);
if(!firstname.isEmpty())query.where(qb.equal(root.get(“cName”),firstname));
if(!lastname.isEmpty())query.where(qb.equal(root.get(“lastname”),lastname));
if(!epost.isEmpty())query.where(qb.equal(root.get(“cEpost”),epost));
if(!phonenumber.isEmpty())query.where(qb.equal(root.get(“cPhonenumber”),phonenumber));
返回em.createQuery(query.getResultList();
}
。。。或者,如果您不需要严格使用JPQL,也可以使用:
public static List searchCustomerByParameters(字符串firstname、字符串lastname、,
字符串epost,字符串phonenumber){
返回
ctx.selectFrom(客户)
.where(!firstname.isEmpty()?CUSTOMER.CNAME.eq(firstname):noCondition())
.和(!lastname.isEmpty()?CUSTOMER.clatname.eq(lastname):noCondition())
和(!epost.isEmpty()?CUSTOMER.CEPOST.eq(epost):无条件())
.和(!phonenumber.isEmpty()?CUSTOMER.CPHONENUMBER.eq(phonenumber):无条件()
.fetchInto(Customer.class);
}
免责声明:我为jOOQ背后的公司工作。旁注:您不应该这样做:如果只有一个参数没有正确转义。在构造查询时使用
?
作为占位符,然后使用准备好的语句自动转义所有参数。是的,我知道。但这只是举个例子:-)谢谢!