如何阻止 Spring JPA 将参数转义到查询方法?
[英]How can I stop Spring JPA from escaping the arguments to a query method?
问题描述
In my Spring JPA application, I have a query method called findAllByNameContaining that works for simple, one word arguments.
在我的 Spring JPA 应用程序中,我有一个名为 findAllByNameContaining 的查询方法,它适用于简单的单字参数。
For instance, with a record in the database having a field value of 'Foo bar zed', the query method will return the record if called with 'Foo'.例如,数据库中的记录的字段值为“Foo bar zed”,如果使用“Foo”调用,则查询方法将返回该记录。
However, I'd like the record to be retured if the query method is called with 'Foo zed'.但是,如果使用“Foo zed”调用查询方法,我希望返回记录。 I tried to replace spaces in the search term with '%'.我试图用“%”替换搜索词中的空格。 This returned nothing and when I checked the generated SQL, I see that the '%' that I added to the search term was escaped.这没有返回任何内容,当我检查生成的 SQL 时,我看到我添加到搜索词的 '%' 被转义了。 I understand this is likely to be protection against SQL injection, but I was wondering if there's anyway to stop Sopring escaping.我知道这可能是为了防止 SQL 注入,但我想知道是否有办法阻止 Sopring 逃逸。 I can validate the arguments myself to protect against SQL injection.我可以自己验证参数以防止 SQL 注入。
1 个解决方案
解决方案1
1 已采纳 2020-10-05 13:30:02
Use findByNameLike instead and put the wildcards in the argument where ever you want.改用findByNameLike并将通配符放在参数中您想要的任何位置。
Note that you have to provide all wildcards in the argument, Spring Data won't add any on its own but it won't escape any either.请注意,您必须在参数中提供所有通配符,Spring Data 不会自行添加任何通配符,但也不会转义任何通配符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.