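SQLGrammarException is thrown because the SQL query generated by Hibernate has a SQL syntax error. The way the query is built is wrong: values (especially string values) should not be concatenated into the resulting query, because such code is vulnerable to SQL injection attacks. Instead, you can use parameters in the query string: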
// Build the WHERE clause from fixed fragments with named placeholders only;
// the filter values never become part of the query text.
String empId = p.getEmpId();
String paramValue = "";
if (empId != null && !empId.isEmpty())
    paramValue = " where b.empId=:empId";
String empName = p.getEmployeeName();
if (empName != null && !empName.isEmpty()) {
    // isEmpty() instead of == "", which compares references, not contents
    if (paramValue.isEmpty())
        paramValue = " where b.employeeName=:empName";
    else
        paramValue = paramValue + " and b.employeeName=:empName";
}
System.out.println("=========paramvalues====" + paramValue);
Query query = session.createQuery("from RequestBean b" + paramValue);
// now set parameter values
if (empId != null && !empId.isEmpty())
    query.setParameter("empId", empId);
if (empName != null && !empName.isEmpty())
    query.setParameter("empName", empName);
recList = (List<RequestBean>) query.list();
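The same pattern generalized to any number of optional filters, as an added example that is not part of the original answer: each condition and its bound value are registered together, so the clause text and the parameters cannot drift apart. The class `RequestQueryBuilder`, its methods and the sample value are hypothetical and constructed for illustration; the block runs without Hibernate and only prints the query text and the parameter map.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper (not from the original answer).
public class RequestQueryBuilder {
    private final List<String> conditions = new ArrayList<>();
    private final Map<String, Object> params = new LinkedHashMap<>();

    // Adds "b.<property> = :<name>" only when a filter value is present.
    // property and name are fixed strings in the caller's code, never user input.
    public RequestQueryBuilder eq(String property, String name, String value) {
        if (value != null && !value.isEmpty()) {
            conditions.add("b." + property + " = :" + name);
            params.put(name, value);
        }
        return this;
    }

    public String hql() {
        String base = "from RequestBean b";
        return conditions.isEmpty()
                ? base
                : base + " where " + String.join(" and ", conditions);
    }

    public Map<String, Object> params() {
        return params;
    }

    // The concatenating form the answer warns about, kept for comparison only.
    static String concatenated(String empName) {
        return "from RequestBean b where b.employeeName='" + empName + "'";
    }

    public static void main(String[] args) {
        String empName = "O'Brien"; // constructed sample value containing a quote
        // The quote becomes part of the query text and changes its syntax.
        System.out.println(concatenated(empName));

        RequestQueryBuilder qb = new RequestQueryBuilder()
                .eq("empId", "empId", "")              // empty filter is skipped
                .eq("employeeName", "empName", empName);
        System.out.println(qb.hql());    // query text contains placeholders only
        System.out.println(qb.params()); // the value travels separately
        // With Hibernate: Query q = session.createQuery(qb.hql());
        //                 qb.params().forEach((k, v) -> q.setParameter(k, v));
    }
}
```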