Play Framework Scala Anorm Parameter index out of range

I'm using Play Framework 2.1 and I'm getting an exception when I try to execute this MySQL code to create a new table.

[SQLException: Parameter index out of range (1 > number of parameters, which is 0).]

The code being executed to call this is this def:

def create(name: String): Boolean = {
  if (!contains(name)) { // a function that tests if the table already exists
    val query = SQL("""
      CREATE TABLE `database`.`{name}` (
      `id` INT NOT NULL ,
      `address` TEXT NULL ,
      `city` TEXT NULL ,
      `state` TEXT NULL ,
      `zip` INT NULL ,
      `ownerid` INT NULL ,
      `price` DOUBLE NULL ,
      `rooms` INT NULL ,
      `available` BIT NULL ,
      `type` TEXT NULL ,
      PRIMARY KEY (`id`) );
    """).on('name -> name).execute()(conn) // Play compilation error is highlighting this line
    true
  } else false
}

This works if I just use the "+name+" method of changing the string, but that leaves it open to SQL injection and using .on seems the proper way to do this.

So what it looks like is the PreparedStatement can't use tablenames as parameters, so it looks like I'll have to manually change the String. If anyone has any insight on how to do this while avoiding SQL Injection, that would be great.
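
Added example, not part of the original post and not Anorm's own code: since a PreparedStatement binds values and not identifiers, one way to build the statement safely is to check the table name against a strict allow-list before it is interpolated into the DDL. `TableDdl`, `safeIdentifier` and `createTableSql` are hypothetical names; the ASCII-only pattern is an assumed naming policy, and 64 characters is MySQL's identifier length limit.

```scala
// Added example: allow-list validation for a table name that has to be
// interpolated into DDL. All names in this object are hypothetical.
object TableDdl {
  // Assumed policy: a letter or underscore first, then letters, digits or
  // underscores, 64 characters at most. No backtick, quote, dot, space or
  // semicolon can pass, so the quoted identifier cannot be closed early.
  private val Identifier = "^[A-Za-z_][A-Za-z0-9_]{0,63}$".r

  /** Backtick-quoted identifier on success, a rejection message otherwise. */
  def safeIdentifier(raw: String): Either[String, String] =
    if (Identifier.pattern.matcher(raw).matches()) Right("`" + raw + "`")
    else Left("rejected table name (length " + raw.length + ")")

  /** CREATE TABLE text for a validated name, using the columns from the post. */
  def createTableSql(name: String): Either[String, String] =
    safeIdentifier(name) match {
      case Left(err) => Left(err)
      case Right(quoted) =>
        Right(s"""CREATE TABLE `database`.$quoted (
                 |  `id` INT NOT NULL,
                 |  `address` TEXT NULL,
                 |  `city` TEXT NULL,
                 |  `state` TEXT NULL,
                 |  `zip` INT NULL,
                 |  `ownerid` INT NULL,
                 |  `price` DOUBLE NULL,
                 |  `rooms` INT NULL,
                 |  `available` BIT NULL,
                 |  `type` TEXT NULL,
                 |  PRIMARY KEY (`id`)
                 |)""".stripMargin)
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample inputs: one acceptable name and three that must fail.
    val samples = Seq("listings_2013", "rooms`; --", "", "a" * 65)
    samples.foreach { s =>
      createTableSql(s) match {
        case Right(sql) => println("OK:\n" + sql)
        case Left(err)  => println("REFUSED: " + err)
      }
    }
  }
}
```

The string from a `Right` can be handed to `SQL(...).execute()` as in the post, with no `.on(...)` call because the statement has no value placeholders left.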
