Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/70.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/fortran/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java JPA查询中的sql查询生成器?_Java_Sql_Jpa - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java JPA查询中的sql查询生成器?

Java JPA查询中的sql查询生成器?

java sql jpa

Java JPA查询中的sql查询生成器?,java,sql,jpa,Java,Sql,Jpa,我用java做了一个搜索工具 String query = "SELECT * FROM Customer WHERE 1 = 1 "; if (!firstname.isEmpty()) query += "AND cName = '" + firstname + "' "; if (!lastname.isEmpty()) query += "AND cLastName = '" + lastname + "'

我用java做了一个搜索工具

String query = "SELECT * FROM Customer WHERE 1 = 1 ";
        if (!firstname.isEmpty())   query += "AND cName = '"        + firstname     + "' ";
        if (!lastname.isEmpty())    query += "AND cLastName = '"    + lastname      + "' ";
        if (!epost.isEmpty())       query += "AND cEpost = '"       + epost         + "' ";
        if (!phonenumber.isEmpty()) query += "AND cPhonenumber '"   + phonenumber   + "' ";
如果所有这些参数都有值,则输出:

SELECT * FROM Customer WHERE 1 = 1 
AND cName = 'test' 
AND cLastName = 'test1' 
AND cEpost = 'test2' 
AND cPhonenumber 'test3'
这样我可以通过填写更多的数据来获得更好的结果,但我仍然可以选择不这样做。。我需要一个JPA的解决方案。。有什么建议吗

谢谢

编辑:基于以下答案的最终结果:

public static List<Customer> searchCustomersByParameters(String firstname, String lastname,
    String epost, String phonenumber) {

    String sql = "SELECT c FROM Customer c WHERE 1 = 1 ";
    if (!firstname.isEmpty())   sql += "AND c.cName = :firstname ";
    if (!lastname.isEmpty())    sql += "AND c.cLastName = :lastname ";
    if (!epost.isEmpty())       sql += "AND c.cEpost = :epost ";
    if (!phonenumber.isEmpty()) sql += "AND c.cPhonenumber = :phonenumber";

    Query q = em.createQuery(sql);
    if (!firstname.isEmpty())   q.setParameter("firstname", firstname);
    if (!lastname.isEmpty())    q.setParameter("lastname", lastname);
    if (!epost.isEmpty())       q.setParameter("epost", epost);
    if (!phonenumber.isEmpty()) q.setParameter("phonenumber", phonenumber);

    return q.getResultList();


}

public static List searchCustomerByParameters(字符串firstname、字符串lastname、,
字符串epost,字符串phonenumber){
String sql=“从客户c中选择c,其中1=1”;
如果(!firstname.isEmpty())sql+=“和c.cName=:firstname”;
如果(!lastname.isEmpty())sql+=“和c.lastname=:lastname”;
如果(!epost.isEmpty())sql+=“和c.cEpost=:epost”;
如果(!phonenumber.isEmpty())sql+=“和c.cPhonenumber=:phonenumber”;
Query q=em.createQuery(sql);
if(!firstname.isEmpty())q.setParameter(“firstname”,firstname);
if(!lastname.isEmpty())q.setParameter(“lastname”,lastname);
if(!epost.isEmpty())q.setParameter(“epost”,epost);
if(!phonenumber.isEmpty())q.setParameter(“phonenumber”,phonenumber);
返回q.getResultList();
}
使用什么?和设置参数以防止sql注入,在JPA中,您可以像旧方法一样使用本机sql,也可以使用JPQL。按条件生成sql并设置参数。我在这里使用where 1=1条件,以便通过和轻松附加下一个条件。否则,您将很难将“where”附加到sql中

按本地人:

public static List<YourEntity> getFromTable(String name,String surname) {
        EntityManager em = PersistenceManager.instance().createEntityManager();

        try {
            String sql = " select * from table where 1=1 ";
            if(name!=null && !name.trim().isEmpty()){
                sql +=" and name = :name";
            }
            if(surname!=null && !surname.trim().isEmpty()){
                sql +=" and surname = :surname";
            }

            Query q = em.createNativeQuery(sql);
             if(name!=null && !name.trim().isEmpty()){
               q.setParameter("name", name);
            }
            if(surname!=null && !surname.trim().isEmpty()){
               q.setParameter("surname", surname);
            }

            List<YourEntity> l = q.getResultList();
            return l;
        } finally {
            em.close();
        }
    }

公共静态列表getFromTable(字符串名称、字符串姓氏){
EntityManager em=PersistenceManager.instance().createEntityManager();
试一试{
String sql=“从表中选择*,其中1=1”;
if(name!=null&&!name.trim().isEmpty()){
sql+=“和name=:name”;
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
sql+=“和姓氏=:姓氏”;
}
Query q=em.createNativeQuery(sql);
if(name!=null&&!name.trim().isEmpty()){
q、 setParameter(“名称”,名称);
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
q、 setParameter(“姓氏”,姓氏);
}
List l=q.getResultList();
返回l;
}最后{
em.close();
}
}
由jpql编写:

public static List<YourEntity> getFromTable(String name,String surname) {
        EntityManager em = PersistenceManager.instance().createEntityManager();

        try {
            String sql = " select e from YourEntity e where 1=1 ";
            if(name!=null && !name.trim().isEmpty()){
                sql +=" and e.name = :name";
            }
            if(surname!=null && !surname.trim().isEmpty()){
                sql +=" and e.surname = :surname";
            }

            Query q = em.createQuery(sql);
             if(name!=null && !name.trim().isEmpty()){
               q.setParameter("name", name);
            }
            if(surname!=null && !surname.trim().isEmpty()){
               q.setParameter("surname", surname);
            }

            List<YourEntity> l = q.getResultList();
            return l;
        } finally {
            em.close();
        }
    }

公共静态列表getFromTable(字符串名称、字符串姓氏){
EntityManager em=PersistenceManager.instance().createEntityManager();
试一试{
String sql=“从实体e中选择e,其中1=1”;
if(name!=null&&!name.trim().isEmpty()){
sql+=“和e.name=:name”;
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
sql+=“和e.姓氏=:姓氏”;
}
Query q=em.createQuery(sql);
if(name!=null&&!name.trim().isEmpty()){
q、 setParameter(“名称”,名称);
}
if(姓氏!=null&&!姓氏.trim().isEmpty()){
q、 setParameter(“姓氏”,姓氏);
}
List l=q.getResultList();
返回l;
}最后{
em.close();
}
}
虽然当然可以使用字符串连接创建动态SQL,但一种类型更安全、风险更小(就SQL注入而言)的方法是使用

public static List searchCustomerByParameters(字符串firstname、字符串lastname、,
字符串epost,字符串phonenumber){
var qb=em.getCriteriaBuilder();
var query=qb.createQuery(Customer.class);
var root=query.from(Customer.class);
查询。选择(根);
if(!firstname.isEmpty())query.where(qb.equal(root.get(“cName”),firstname));
if(!lastname.isEmpty())query.where(qb.equal(root.get(“lastname”),lastname));
if(!epost.isEmpty())query.where(qb.equal(root.get(“cEpost”),epost));
if(!phonenumber.isEmpty())query.where(qb.equal(root.get(“cPhonenumber”),phonenumber));
返回em.createQuery(query.getResultList();
}
。。。或者,如果您不需要严格使用JPQL,也可以使用:

public static List searchCustomerByParameters(字符串firstname、字符串lastname、,
字符串epost,字符串phonenumber){
返回
ctx.selectFrom(客户)
.where(!firstname.isEmpty()?CUSTOMER.CNAME.eq(firstname):noCondition())
.和(!lastname.isEmpty()?CUSTOMER.clatname.eq(lastname):noCondition())
和(!epost.isEmpty()?CUSTOMER.CEPOST.eq(epost):无条件())
.和(!phonenumber.isEmpty()?CUSTOMER.CPHONENUMBER.eq(phonenumber):无条件()
.fetchInto(Customer.class);
}
免责声明:我为jOOQ背后的公司工作。旁注:您不应该这样做:如果只有一个参数没有正确转义。在构造查询时使用
作为占位符,然后使用准备好的语句自动转义所有参数。是的,我知道。但这只是举个例子:-)谢谢!