使用Groovy的$ {...}和SQL
[英]Using Groovy's ${…} with SQL
问题描述
I have a question about using a string in a JDBC SQL query. 
我有一个关于在JDBC SQL查询中使用字符串的问题。 Here are two examples and I expect both to work, but they don't. 这里有两个例子,我希望两者都有效,但事实并非如此。
Working version ... 工作版......
tabl = "Action"
query = "SHOW FULL COLUMNS FROM `Action`;"
println " "+ query
dbConnection.eachRow( query ){
In error variant: 错误变体:
tabl = "Action"
query = "SHOW FULL COLUMNS FROM `${tabl}`;"
println " "+ query
dbConnection.eachRow( query ){
The error comes back as an SQL syntax error. 该错误以SQL语法错误的形式返回。 As you can see the statements are textually identical. 正如您所看到的,语句在文本上是相同的。
The output show the statement, then an error: 输出显示语句,然后是错误:
SHOW FULL COLUMNS FROM `Action`;
May 20, 2013 10:52:01 AM groovy.sql.Sql eachRow
WARNING: Failed to execute: SHOW FULL COLUMNS FROM `?`; because:
Parameter index out of range (1 > number of parameters, which is 0).
May 20, 2013 10:52:01 AM groovy.sql.Sql eachRow
I think that's just Groovy trying to look for a culprit. 我认为只是Groovy试图寻找罪魁祸首。 When I feed the literal string to the JDBC connection it works just fine for the 'Action' table. 当我将文字字符串提供给JDBC连接时,它可以很好地用于'Action'表。
I'm hoping someone can explain the error and offer a fix. 我希望有人可以解释错误并提供修复。
For those reading, I found this option as a workaround : 对于那些阅读,我发现这个选项是一个解决方法 :
query = "SHOW FULL COLUMNS FROM `"+ tabl.toString() +"`;"
While there might be a less verbose option, using "+"; 虽然可能有一个不那么冗长的选项,使用“+”; to me it feels as if using ${tabl} should work. 对我来说,感觉好像使用$ {tabl}应该有效。
Thanks in advance, 提前致谢,
2 个解决方案
解决方案1
4 2013-09-26 16:56:31
I ran into this as well. 我也碰到了这个。 Your workaround works, but a cleaner way would be to call toString() on the org.codehaus.groovy.runtime.GStringImpl version. 您的解决方法有效,但更org.codehaus.groovy.runtime.GStringImpl方法是在org.codehaus.groovy.runtime.GStringImpl版本上调用toString() 。 That is, if you do not need any of the prepared statement features or protection on the execute. 也就是说,如果您不需要任何准备好的语句功能或执行保护。 This is due to the Groovy SQL engine trying to turn it into a prepared statement, because it sees the original string as a GString . 这是由于Groovy SQL引擎试图将其转换为预准备语句,因为它将原始字符串视为GString 。 In order to prevent SQL injection attacks, you would want this though when using values that could be provided from the end-user. 为了防止SQL注入攻击,在使用最终用户可能提供的值时,您会希望这样做。 In your case and mine that was not a concern so toString() works just fine. 在你的情况和我的不是一个问题,所以toString()工作得很好。
See: http://groovy.codehaus.org/Tutorial+6+-+Groovy+SQL 请参阅: http : //groovy.codehaus.org/Tutorial+6+-+Groovy+SQL
解决方案2
3 2013-07-24 00:14:34
I think the problem is that when you use the in-string variable produces a different object type than when you don't use it. 我认为问题在于,当您使用in-string变量时,会产生与不使用它时不同的对象类型。 One is a String , the other a GString . 一个是String ,另一个是GString 。
Eg, see this script and the output: 例如,请参阅此脚本和输出:
def a = "123"
def b = "abc"+a
def c = "abc${a}"
println b.class
println c.class
>>
class java.lang.String
class org.codehaus.groovy.runtime.GStringImpl
It seems that the eachRow function is sensitive to this difference for some reason. 似乎eachRow函数由于某种原因对这种差异很敏感。 The two functions you're using are 你正在使用的两个功能是
- http://groovy.codehaus.org/api/groovy/sql/Sql.html#eachRow(groovy.lang.GString,%20groovy.lang.Closure) http://groovy.codehaus.org/api/groovy/sql/Sql.html#eachRow(groovy.lang.GString,%20groovy.lang.Closure)
- http://groovy.codehaus.org/api/groovy/sql/Sql.html#eachRow(java.lang.String,%20groovy.lang.Closure) http://groovy.codehaus.org/api/groovy/sql/Sql.html#eachRow(java.lang.String,%20groovy.lang.Closure)
But I can't see why they'd behave differently.. 但我不明白为什么他们的行为会有所不同......
Another workaround would be to call toString on the query variable - that will cast it back to a String : 另一种解决方法是在query变量上调用toString - 将其转换回String :
def d = c.toString()
println d.class
>>
class java.lang.String
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.