Calling a package function that returns a table while preventing SQL injection

Time: 2018-04-04 09:34:54

Tags: java spring oracle sql-injection

I have an Oracle function in a package which I cannot change. My function returns a table of records. To get the records I want, I use the following query, where FUN_WF_BLOCO1_CC_MOVIMENTOS is my function:

    SELECT * FROM TABLE (Schema.Function('474','0000',1119940000084,'1997-02-23','2017-03-07','M',0,999999999999999.99))

What is the best way to call it from a Spring Boot application? I have tried many alternatives, and the only way I could find is:

    List<ConsultaMovimentoOutput> lst = null;
    String sqlQuery = "SELECT *  FROM TABLE  (Schema.Function(?, ?, ?, ?, ?, ?, ?, ?))";
    sqlQuery = Utils.resolveSqlArgs(sqlQuery, filter.getZcliente(), filter.getCkbalcao(), filter.getCknumcta(),
            filter.getDtinicio(), filter.getDtfim(), filter.getTpdata(), filter.getVlmovmin(),
            filter.getVlmovmax());

    try {
        lst = jdbcTemplate.query(sqlQuery, new ConsultaMovimentoRowMapper());
    } catch (DataAccessException e) {
        LOGGER.error("Failure in Consulta Movimentos ", e);
    }

    return lst;


    public static String resolveSqlArgs(String sql, Object... args) {

        // Every '?' becomes a single-quoted %s and the raw argument values are
        // formatted straight into the SQL text.
        String temp = sql.replace("?", "'%s'");
        temp = String.format(temp, args);

        return temp;
    }

I am using sql.replace to substitute my args for the '?', but I think this is very weak at preventing SQL injection. Is there a better way to query than SELECT * FROM TABLE? I cannot use a PreparedStatement because I have values to set, but there are no variables to set in my query, such as a "where" or "like" clause. Is there a better way, without sql.replace?

Thanks

[EDIT]

I have the following code using MapSqlParameterSource; it returns ORA-22905:

    StringBuilder query = new StringBuilder("SELECT *  FROM TABLE  (Schema.Function(?, ?, ?, ?, ?, ?, ?, ? ))");

    Object[] params = new Object[]{
        consultaMovimentosFilter.getzClienteIn(), 
        consultaMovimentosFilter.getCkBalcao(),
        Long.parseLong(consultaMovimentosFilter.getNrProces()),
        consultaMovimentosFilter.getDtFim(),
        consultaMovimentosFilter.getDtFim(),
        consultaMovimentosFilter.getIdDtValMov(),
        Long.parseLong(consultaMovimentosFilter.getVlMontMin()),
        Double.parseDouble(consultaMovimentosFilter.getVlMonMax())
    };

    List<ConsultaMovimentosOut> lst = null;
    MapSqlParameterSource parameters = new MapSqlParameterSource();

    return jdbcTemplate.query(query.toString(), params, new ConsultaMovimentosRowMapper());

My jdbcTemplate is autowired:

    @Autowired
    private JdbcTemplate jdbcTemplate;

[EDIT 2]

Server error:

    2018-04-04 11:59:09.895 DEBUG 1096 --- [nio-8080-exec-1] o.s.jdbc.support.SQLErrorCodesFactory    : SQL error codes for 'Oracle' found
    2018-04-04 11:59:09.895 DEBUG 1096 --- [nio-8080-exec-1] o.s.jdbc.support.SQLErrorCodesFactory    : Caching SQL error codes for DataSource [org.apache.tomcat.jdbc.pool.DataSource@4ffced4e]: database product name is 'Oracle'
    2018-04-04 11:59:09.895 DEBUG 1096 --- [nio-8080-exec-1] s.j.s.SQLErrorCodeSQLExceptionTranslator : Unable to translate SQLException with Error code '22905', will now try the fallback translator
    2018-04-04 11:59:09.895 DEBUG 1096 --- [nio-8080-exec-1] o.s.j.s.SQLStateSQLExceptionTranslator   : Extracted SQL state class '99' from value '99999'
    2018-04-04 11:59:09.905 ERROR 1096 --- [nio-8080-exec-1] c.t.n.w.services.web.Bloco1Controller    : Exception in findAllDetalheContrato

    org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; uncategorized SQLException for SQL [SELECT * FROM TABLE(schema.Function(?,?,?,?,?,?,?,?))]; SQL state [99999]; error code [22905]; ORA-22905: não é possível ter acesso a linhas a partir de um item de uma tabela não encadeada
    ; nested exception is java.sql.SQLException: ORA-22905: não é possível ter acesso a linhas a partir de um item de uma tabela não encadeada

        at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:84) ~[spring-jdbc-4.3.7.RELEASE.jar:4.3.7.RELEASE]
        at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81) ~[spring-jdbc-4.3.7.RELEASE.jar:4.3.7.RELEASE]
        at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81) ~[spring-jdbc-4.3.7.RELEASE.jar:4.3.7.RELEASE]
        at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:649) ~[spring-jdbc-4.3.7.RELEASE.jar:4.3.7.RELEASE]
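As an added example (not code from the post), here is one way to keep every value a JDBC bind variable, so no user input ever enters the SQL text, while still getting past ORA-22905: Oracle's documented action for that error is to CAST the item to its nested table type, so the collection type name has to be written into the statement. `SCHEMA.T_MOVIMENTOS_TAB`, the `ConsultaMovimentosFilter` getters and their Java types are assumptions; the comments show the literal values from the original query as constructed sample input.

```java
import java.math.BigDecimal;
import java.sql.Date;
import java.sql.Types;
import java.util.List;

import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;

public class MovimentosRepository {

    // SCHEMA.T_MOVIMENTOS_TAB is a placeholder: replace it with the collection type
    // the package function actually returns (see the package specification).
    // With binds inside TABLE(), Oracle cannot infer the row type at parse time,
    // which is what ORA-22905 reports; the CAST supplies that type explicitly.
    private static final String SQL =
        "SELECT * FROM TABLE(CAST(Schema.Function(?, ?, ?, ?, ?, ?, ?, ?) "
      + "AS SCHEMA.T_MOVIMENTOS_TAB))";

    private final JdbcTemplate jdbcTemplate;

    public MovimentosRepository(JdbcTemplate jdbcTemplate) {
        this.jdbcTemplate = jdbcTemplate;
    }

    // Assumed filter getters: strings, a long, java.time.LocalDate dates and BigDecimal amounts.
    public List<ConsultaMovimentoOutput> find(ConsultaMovimentosFilter f,
                                             RowMapper<ConsultaMovimentoOutput> mapper) {
        Object[] args = {
            f.getZcliente(),                 // e.g. "474"
            f.getCkbalcao(),                 // e.g. "0000"
            f.getCknumcta(),                 // e.g. 1119940000084L
            Date.valueOf(f.getDtinicio()),   // e.g. LocalDate 1997-02-23, bound as DATE
            Date.valueOf(f.getDtfim()),      // e.g. LocalDate 2017-03-07
            f.getTpdata(),                   // e.g. "M"
            f.getVlmovmin(),                 // e.g. BigDecimal.ZERO
            f.getVlmovmax()                  // e.g. new BigDecimal("999999999999999.99")
        };
        // Explicit JDBC types avoid relying on implicit conversions, in particular
        // NLS-dependent string-to-DATE parsing of '1997-02-23'.
        int[] types = {
            Types.VARCHAR, Types.VARCHAR, Types.NUMERIC, Types.DATE,
            Types.DATE, Types.VARCHAR, Types.NUMERIC, Types.NUMERIC
        };
        return jdbcTemplate.query(SQL, args, types, mapper);
    }
}
```

Because the statement text is a constant and the driver sends the values separately, the `resolveSqlArgs` quoting step is no longer needed.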

0 answers