我有以下小的Groovy脚本,它只对特定日期的数据库中的行数进行计数。
import groovy.sql.Sql
def today= new GregorianCalendar()
def dateString = "${today.get(Calendar.MONTH)+1}/${today.get(Calendar.DAY_OF_MONTH)-1}/${today.get(Calendar.YEAR)}"
def sql = Sql.newInstance("jdbc:oracle:thin:bc/bc@nemesis:1521:billctr", "bc","bc", "oracle.jdbc.OracleDriver")
def sqlLine = "select count(id) as count from bc_payment where trunc(paymentdate) = to_date(${dateString}, \'MM/DD/YYYY\')"
println(sqlLine)
def payCount = sql.execute(sqlLine)
println payCount
to_date需要在您传入的日期周围使用单引号。如果我将其关闭,我会得到SQLException: Invalid column type但是如果我在变量周围加上\',我会收到来自Groovy的警告
WARNING: In Groovy SQL please do not use quotes around dynamic expressions (which start with $) as this means we cannot use a JDBC PreparedStatement and so is a security hole. Groovy has worked around your mistake but the security hole is still there. The expression so far is: select count(id) as count from bc_payment where trunc(paymentdate) = to_date('?', 'MM/DD/YYYY')
有没有更好的方法来执行此操作而不使用to_date或以不同方式格式化变量?我是Groovy的新手,所以欢迎任何建议。提前谢谢!
答案 0 :(得分:2)
尝试以下内容(我希望我没有引入语法错误,这里没有Groovy ......)
import groovy.sql.Sql
def today= new java.sql.Date(new java.util.Date().getTime())
def sql = Sql.newInstance("jdbc:oracle:thin:bc/bc@nemesis:1521:billctr", "bc","bc", "oracle.jdbc.OracleDriver")
def sqlLine = "select count(id) as count from bc_payment where trunc(paymentdate) = ?"
println(sqlLine)
def payCount = sql.execute(sqlLine, [today])
println payCount
编辑:已更换
def today = new Date()
与
def today= new java.sql.Date(new java.util.Date().getTime())
答案 1 :(得分:2)
具有类似问题的开发人员的迟到答案。
我发现问题可以通过更改声明来修复:
def sqlLine = "... ${yourString} ..."
...将sqlLine创建为GStringImpl对象。相反,你可以像这样声明sqlLine:
String sqlLine = "... ${yourString} ..."
...我们解析内联变量并接收String对象。这样groovy.sql.Sql永远不会知道我们动态创建了sql。
答案 2 :(得分:1)
实际上,您可以从执行以下操作的DataSource中读取sql实例参数:
def _url = ConfigurationHolder.config.dataSource.url
def _username = ConfigurationHolder.config.dataSource.username
def _password = ConfigurationHolder.config.dataSource.password
def _driver = ConfigurationHolder.config.dataSource.driverClassName
def sql = Sql.newInstance(_url, _username, _password, _driver)
// For the paging
def int max = Math.min(params.max ? params.max.toInteger() : 25, 100)
def int offset = params.offset.toInteger()
def int last = offset + max
def month= params.month_value
我使用Oracle TO_DATE 和 TO_TIMESTAMP 功能。就我而言,如下:
query = "select * from " +
"(SELECT reporting.id, " +
"company_id as comp, " +
"to_date(TO_CHAR(invoice,'dd.mm.YYYY')) as invoice, " +
"TO_CHAR(last_updated,'dd.mm.YYYY HH:MI') as erstelltAm, " +
"row_number() over (" + sortByStr + ") as row_num FROM reporting, company " +
"WHERE reporting.company_id = company.id) " +
"reporting.month = TO_TIMESTAMP(" + month + ", 'dd.mm.yy')""
"where ROW_NUM between " + offset + " and " + last;