Use jpa nativequery multiple columns in object list array
List<Object []> queryList = new ArrayList<>();
String[] arr = {"val1", "val2"};
queryList.add(arr);
String sql = SELECT * FROM TABLE A WHERE (A.COL1, A.COL2) IN (:queryList)
Query query = entityManager.createNativeQuery(sql);
query.setParameter("queryList", queryList);
In postgresql like this
SELECT * FROM TABLE A WHERE (A.COL1, A.COL2) IN (('val1', 'val2'), ('val3', 'val4'));
Here is the Exception
Caused by: org.postgresql.util.PSQLException: ERROR: operator does not exist: record = bytea
建議:No operator matches the given name and argument types. You might need to add explicit type
Is this possible?
I would try to restructure the query as follows:
SELECT * FROM TABLE A
WHERE (A.COL1 = 'val1' and A.COL2 = 'val2')
OR (A.COL1 = 'val3' and A.COL2 = 'val4')
This would allow the query to be constructed as follows:
List<String[]> queryList = new ArrayList<>();
String[] arr = {"val1", "val2"};
String[] arr = {"val3", "val4"};
queryList.add(arr);
String sql = "SELECT * FROM TABLE A "; //dont forget space at end
if (!queryList.isEmpty()){
sql = sql + "WHERE "; //dont forget space at end
for (String[] queryParam : queryList ){
sql = sql + " (A.COL1 = '"+ queryParam[0] + "' and A.COL2 = '" + queryParam[1] + "') OR "; //dont forget space at end and simple colons for param
}
//finally remove the last OR.
Integer indexLastOR = sql.lastIndexOf("OR");
sql = sql.substring(0, indexLastOR);
}
Query query = entityManager.createNativeQuery(sql);
This will also allow the query to be implemented without being native, which is advisable to maintain the JPA philosophy.
Related
Using com.couchbase.client, java-client version 2.2.7 I have been unable to get a n1ql query working that uses an IN statement with multiple items see my example query and java code below
public int getCountForDuration(Long startTime, Long endTime, String ids){
JsonObject placeHolders = JsonObject.create().put("ids", ids).put("startTime", startTime).put("endTime", endTime);
N1qlQuery query = N1qlQuery.parameterized(COUNT_STATEMENT, placeHolders)
N1qlQueryResult result = bucket.query(query);
...
}
public static final String COUNT_STATEMENT = "select count(*) as count " +
"from bucketName " +
"where docType = 'docId' " +
"and (id IN [$ids]) " + <----- OFFENDING LINE
"and publishTimestamp between $startTime and $endTime";
I've tried setting ids using ('), ("), and (`) such as:
ids = "'123', '456'";
ids = "\"123\" , \"456\";
ids = "`123`,`456`";
None of these are working when there are multiple ids however if there is only one such as ids = "'123'" it works fine. Also my query works if I use it using CBQ on the terminal.
My question is this how do I crate a parameterized N1QL query which
can take multiple items in an IN statement?
Removing the brackets around the $ids in the statement and putting the actual ids into placeholders as a JsonArray object should work:
JsonObject placeHolders = JsonObject.create()
.put("ids", JsonArray.from("id1", "id2", "id3"))
.put("startTime", startTime)
.put("endTime", endTime);
Question
With MySQL and using a JDBC template, is there a way to build parameters from Java Lists so that the SQL request matches a couple of values with couples of values in a given set?
Details
The values should match only if the couple of values is present in the list.
It should not match if one is present in a couple of values and the other in another couple further into the list of couples.
That is to say, given that JDBC parametrized query:
SELECT *
FROM TABLE_1
WHERE (COL_1, COL_2) IN (:valuesSet)
Caution: valuesSet is a set of couples
And that Java code:
public void daoMethod(List<MyObject> values1, List<MyObject> values2) {
String query = "";
query = "SELECT *\n" +
"FROM TABLE_1\n" +
"WHERE (COL_1, COL_2) IN (:valuesSet)";
MapSqlParameterSource parameters = new MapSqlParameterSource();
// Build valuesSet here
parameters.addValue("valuesSet", valuesSet);
namedParameterJdbcTemplate.query(query, parameters);
}
Is there an elegant way to build a JDBC template without having to "manually" create the string?
The inserted :valuesSet should be something like:
"(values1.get(0), values2.get(0)), (values1.get(1), values2.get(1)), ..."
But how should I build that string?
Current Track
Currently, my first draft solution is to build the string by Java code like this:
List<String> valuesSet = new ArrayList<String>();
for (int i = 0; i < values1.size(); i++) {
String value1 = StringEscapeUtils.escapeSql(values1.get(i).toString());
String value2 = StringEscapeUtils.escapeSql(values2.get(i).toString());
valuesSet.add("('" + value1 + "','" + value2 + "')");
}
But it keeps escaping the result list to make it a String and adds ' around it. Therefore, it's not working.
TL;DR
Input:
List<Object> objects
Output:
SELECT *
FROM TABLE_1
WHERE (COL_1, COL_2) IN (
('object_1_val1', 'object_1_val2'),
('object_2_val1', 'object_2_val2'),
('object_3_val1', 'object_3_val2'),
('object_4_val1', 'object_4_val2'),
...
)
Mean:
NamedParameterJdbcTemplate
Use every value separately.
List<String> valuesSet = new ArrayList<>();
StringBuilder sqlIn = new SqlBuilder();
for (int i = 0; i < values1.size(); i++) {
sqlIn.append("(?, ?),");
valuesSet.add(values1.get(i).toString());
valuesSet.add(values2.get(i).toString());
}
I found out a workaround using CONCAT():
SELECT *
FROM TABLE_1
WHERE CONCAT(COL_1, ',', COL_2) IN (:valuesSet);
That way, valuesSet can be a simple list of strings and is passed as the following:
List<String> valuesSet = new ArrayList<String>();
for (int i = 0; i < values1.size(); i++) {
String value1 = StringEscapeUtils.escapeSql(values1.get(i).toString());
String value2 = StringEscapeUtils.escapeSql(values2.get(i).toString());
valuesSet.add(value1 + "," + value2;
}
parameters.addValue("valuesSet", valuesSet);
Then, the executed query is something like:
SELECT *
FROM TABLE_1
WHERE CONCAT(COL_1, ',', COL_2) IN (
'object_1_val1,object_2_val1',
'object_1_val2,object_2_val2',
'object_1_val3,object_2_val3',
'object_1_val4,object_2_val4',
...
);
I am facing some issue with the following query.
for (String string : projects) {
String sql = "SELECT eff.id,eff.taskNo,eff.projectId,sum(eff.hours),eff.employeeId FROM EffortCalculator eff where eff.projectId='"
+ string + "' and eff.dayDate >= '2014-12-15' and eff.dayDate <= '2014-12-16' GROUP BY eff.projectId";
System.out.println("sql" + sql);
SQLQuery query = session.createSQLQuery(sql);
System.out.println(query.list());
// query.addEntity(EffortCalculator.class);
list.addAll(query.list());
}
When I execute this query in MySQL DB it works fine. It actually contains two rows. But when I use this query in hibernate it gives empty list.
Aimed at preventing SQL injection attacks, all the SQL Statement code in my project should transformed to Parameterized Query. But I got a problem when the query condition includes a 'IN' case. Like this (Using DB2 database):
String employeeId = 'D2309';
String name = "%brady%";
List<Integer> userRights = new ArrayList<Integer>();
userRights.add(1);
userRights.add(2);
userRights.add(3);
String sql = "SELECT * FROM T_EMPLOYEE WHERE EMPLOYEE_ID = ? AND NAME LIKE ?
AND RIGHT IN (?)";
jdbcTemplate.query(sql, new Object[] {employeeId, name, userRights}, new
EmployeeRowMapper());
The above code runs failed with the exception:
org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad
SQL grammar [SELECT * FROM T_EMPLOYEE WHERE EMPLOYEE_ID = ? AND NAME LIKE ? AND
RIGHT IN (?)]; nested exception is com.ibm.db2.jcc.am.io: [jcc][1091][10824]
[3.57.82] .... ERRORCODE=-4461, SQLSTATE=42815
The question here is that does not JdbcTemplate support Parameterized Query for IN case? and I know this work can be done by NamedParameterJdbcTemplate, and whether only NamedParameterJdbcTemplate can do IN case query?
Thanks a lot.
As I already mentioned in the comments, I'm not happy with this solution as it dynamically generates a number of SQL statements. Given the number of userRights is between 1 and n, it requires up to n prepared statements in the cache.
The below should work (I did not try it).
String employeeId = 'D2309';
String name = "%brady%";
List<Integer> userRights = new ArrayList<Integer>();
userRights.add(1);
userRights.add(2);
userRights.add(3);
// build the input string
StringBuilder sb = new StringBuilder();
for (int i = 0; i < userRights.size; i++) {
sb.append("?");
if (i < userRights.size() - 1) {
sb.append(", ");
}
}
// build the SQL
String sql = "SELECT * FROM T_EMPLOYEE WHERE EMPLOYEE_ID = ?" +
" AND NAME LIKE ?" +
" AND RIGHT IN (" + sb.toString() + ")";
// init the object array
// size is employeeId + name + right
Object[] param = new Object[2 + userRights.size()];
// fill it
param[0] = employeeId;
param[1] = name;
for (int i = 0; i < userRights.size(); i++) {
param[i + 2] = userRights.get(i);
}
jdbcTemplate.query(sql, param, new EmployeeRowMapper());
I am trying to implement PreparedStatement, which won't work with sql DB.
Suppose I have the following sql query:
String selectSqlQuery = "SELECT * FROM customer WHERE f1 = ? AND f2 =? AND f3 > ?";
and the following code:
//----
prest = con.prepareStatement(selectSqlQuery );
prest.setString(1, "val1");
prest.setString(2, "val2");
prest.setInt(3, 108);
ResultSet rs = prest.executeQuery();
//---
My question is how to implement setString and setInt methods for injecting params?
For now I save parameters' indexes and values into HashMap, but after it I can't make injection into sql query string.
implementation of sql's java interfaces are part of vendor specific jdbc driver. You probably just need to get the proper jdbc jar file for you database. writing implementations of such stuff is usually just needed if you intend to write your own database driver...
Since you're writing your own driver, you can play with your class a little. Let's change the approach. If you have a query like this one:
"SELECT * FROM table WHERE id = ? AND name = ?"
Replace the ? to turn it into
"SELECT * FROM table WHERE id = {0} AND name = {1}"
About your set methods, those will have to save your new parameters in an Object array, again matching against the index.
Object parameterArray = new Object[1];
public boolean setString(int paramIndex, String param) {
if(paramIndex < 0 || paramIndex > parameterArray.length)
throw new IllegalArgumentException("Can't set parameter " + paramIndex + ", The query only has " + parameterArray.length + " parameters.");
parameterArray[paramIndex - 1] = param;
}
Before executing the query, take advantage of your formatted string and set the parameters:
MessageFormat messageFormat = new MessageFormat(query);
String newQuery = messageFormat.format(parameterArray);
The format method will replace the {number} substrings for the corresponding element in the index represented by the number between brackets.