Insert into SQL with Groovy using variable for values

I'm trying to use a variable for the values part of an insert SQL statement. What's odd is that if I copy the values of what I see in the debugger then the statement runs and inserts correctly. If I use the variable then it gives me a "Sorry, wrong number of values" error.

Here's my insert

db.execute("""
        INSERT INTO TABLE 
        (UNIT, ORD#, DISP, DATE, TIME, AMT, LAT, LONG, DRVR, OWNR, SETT, STAT) 
        values ${parsedOrderNumbers}
        """)

parsedOrderNumbers looks like this in the debugger, but it might also have " " surrounding it since it's a String. I'm not sure and think that might be what is happening here with the error or maybe with how Groovy interpolates ${parsedOrderNumbers}.

('12345', '1234567', '' ,'2020-04-11', '234', '35.00', '39.693702697753906', '-75.53226470947266', '', '', '', ''), ('20514', '9876543', '' ,'2020-04-12', '004', '24.00', '39.27902603149414', '-76.55120086669922', '', '', '', '') 

If I copy this and replace ${parsedOrderNumbers} then the statement runs. Any ideas?

The correct way to parameterize SQL for JDBC is:

db.executeInsert("INSERT INTO TABLE MyTable VALUES (?, ?, ?)", ['some', 123, myVar])

Docs: https://docs.groovy-lang.org/latest/html/documentation/sql-userguide.html#_creating_inserting_data

When you use ${} syntax together with the GString version of execute() ( Sql.execute(GString gstring) ), groovy-sql will treat each ${} as a bind variable. You're getting the error "Sorry, wrong number of values" because groovy-sql only saw one bind variable when you're trying to insert 12 values.

What you're doing is actually not best practice, from both a security (SQL injection) and a performance (DB query cache) perspective.

If you really want to generate the VALUES clause upfront then use the String version of Sql.execute(String query) like this.

db.execute("""
        INSERT INTO TABLE 
        (UNIT, ORD#, DISP, DATE, TIME, AMT, LAT, LONG, DRVR, OWNR, SETT, STAT) 
        values ${parsedOrderNumbers}
        """.toString())

However, I recommend doing what @ou_ryperd suggested or something like this.

db.execute("""
        INSERT INTO TABLE 
        (UNIT, ORD#, DISP, DATE, TIME, AMT, LAT, LONG, DRVR, OWNR, SETT, STAT) 
        values ($unit, $orderNo, $disp, $date, $time, $amt, $lat, $long, $drvr, $ownr, $sett, $stat)
        """)

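Added example, not part of the original posts: inserting several rows while keeping every value a bind variable, using groovy-sql's `withBatch` with one `?` per column, followed by the single-row GString form from the last answer. The H2 in-memory database (and its version), the `orders` table with a three-column subset of the question's columns, and the sample rows are all assumptions constructed for the demonstration.

```groovy
// Added example: H2 in-memory DB, table name and rows are constructed assumptions.
@GrabConfig(systemClassLoader = true)
@Grab('com.h2database:h2:2.2.224')
import groovy.sql.Sql

def db = Sql.newInstance('jdbc:h2:mem:demo', 'sa', '', 'org.h2.Driver')
db.execute('CREATE TABLE orders (unit VARCHAR(10), ord_no VARCHAR(40), amt DECIMAL(10,2))')

// Keep rows as data (one list per row) instead of pre-rendering
// a "('..','..'), ('..','..')" string for the VALUES clause.
def rows = [
    ['12345', '1234567', 35.00],
    // Constructed value with a quote and parenthesis: pasted into the SQL
    // text it would change the statement; as a bind value it is just data.
    ['20514', "9876543'), ('x", 24.00],
]

// One prepared statement with one bind per column, queued once per row.
db.withBatch(100, 'INSERT INTO orders (unit, ord_no, amt) VALUES (?, ?, ?)') { ps ->
    rows.each { row -> ps.addBatch(row) }
}

// Single-row GString form: each $var becomes a '?' bind, not pasted text.
def (unit, ordNo, amt) = ['30001', '5550001', 12.50]
db.execute "INSERT INTO orders (unit, ord_no, amt) VALUES ($unit, $ordNo, $amt)"

// All three rows were inserted, and the odd value was stored verbatim.
assert db.firstRow('SELECT COUNT(*) AS n FROM orders').n == 3
assert db.firstRow('SELECT ord_no FROM orders WHERE unit = ?', ['20514']).ord_no ==
        "9876543'), ('x"

db.close()
```
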
Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to reprint, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.