带有本机查询和有序参数的查询字符串，sql 不起作用

Question

I have the following code

  @Query(nativeQuery = true, value = "select  e.* from event e"
  + " join league  l on (l.id = e.league_id)"
  + " join sport s on (l.sport_id = s.id)"
  + " join team t1 on (t1.id = e.team_one_id)"
  + " join team t2 on (t2.id = e.team_two_id)"
  + " join country c on (c.id = l.country_id)"
  + " where l.name LIKE %?1%")

Page<Event> getAllEventsFiltered(final PageRequest of, final String filter);

If execute this SQL into database I receive a lot of results but when is executed from java I receive no one result in the same SQL.

I already tried:

where l.name LIKE %?#{escape([1])} escape ?#{escapeCharacter()}

but just works to begins and I needs for both begin and end.

Answer 1

JDBC parameters can only be included in very specific places in a SQL statement. They are not replaced as strings in the SQL statement but they are applied . The specific valid places change from database to database, and also depend on the JDBC driver variant/version.

The general rule is that a parameter can be applied where a single value would be present. String parameters should not be enclosed in single quotes as a VARCHAR would be.

One option to make it compliant, is to place the parameter isolated from other text, for example by using the CONCAT() function. Your query could be rephrased as:

  @Query(nativeQuery = true, value = "select  e.* from event e"
  + " join league  l on (l.id = e.league_id)"
  + " join sport s on (l.sport_id = s.id)"
  + " join team t1 on (t1.id = e.team_one_id)"
  + " join team t2 on (t2.id = e.team_two_id)"
  + " join country c on (c.id = l.country_id)"
  + " where l.name LIKE concat('%', ?1, '%')") // change here

Nevertheless, the specific syntax change can be different depending on the database you are using (that you haven't mentioned).