如何在Hibernate中的变量值之前和之后添加符号引号

时间:2019-05-30 13:20:33

标签: spring postgresql hibernate

我有一个变量,即表名,我想使用休眠将其传递给查询并用两个单引号引起来。

我不想使用+对其进行修饰,因为Hello SQL Injection 

public List <Long> getAllTableColumns(String tableName) {
        String request = "SELECT column_name FROM information_schema.columns " +
                "WHERE table_schema = 'test' AND table_name = :tableName " ;

        Query query = entityManager.createNativeQuery(request).setParameter("tableName", tableName);
        List<BigDecimal> resultList =  query.getResultList() ;
        return resultList.stream().map(BigDecimal::longValue).collect(Collectors.toList());
    }

此请求的结果是

SELECT column_name FROM information_schema.columns WHERE table_schema = 'test' AND table_name = user

,预期结果是

SELECT column_name FROM information_schema.columns WHERE table_schema = 'test' AND table_name = 'user'

0 个答案:

没有答案
相关问题
最新问题