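Inspired by Jean-Bernard, I came up with this:

```java
import java.util.HashMap;

public class WhereClause {
    public HashMap<String, String> queryValues; // [<"foo","bar">, <"baz","taz">]
    public String preparedString; // "WHERE foo=:foo AND bar=:baz"
}
```

Which is bound via a custom Binder `BindWhereClause`:

```java
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.skife.jdbi.v2.SQLStatement;
import org.skife.jdbi.v2.sqlobject.Binder;
import org.skife.jdbi.v2.sqlobject.BinderFactory;
import org.skife.jdbi.v2.sqlobject.BindingAnnotation;

@BindingAnnotation(BindWhereClause.WhereClauseBinderFactory.class)
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.PARAMETER})
public @interface BindWhereClause {
    class WhereClauseBinderFactory implements BinderFactory {
        public Binder build(Annotation annotation) {
            return new Binder<BindWhereClause, WhereClause>() {
                public void bind(SQLStatement q, BindWhereClause bind, WhereClause clause) {
                    // Bind every entry of queryValues as a named parameter.
                    clause.queryValues
                            .keySet()
                            .forEach(s -> q.bind(s, clause.queryValues.get(s)));
                }
            };
        }
    }
}
```

And a combination of `@Define` and `@Bind`:

```java
import java.util.List;
import org.skife.jdbi.v2.sqlobject.SqlQuery;
import org.skife.jdbi.v2.sqlobject.customizers.Define;
import org.skife.jdbi.v2.sqlobject.stringtemplate.UseStringTemplate3StatementLocator;

@UseStringTemplate3StatementLocator
public interface ThingDAO {
    @SqlQuery("SELECT * FROM things <where>")
    List<Thing> findThingsWhere(@Define("where") String where,
                                @BindWhereClause() WhereClause whereClause);
}
```

This should be injection-proof. (Is it?)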
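Whether this is injection-proof depends on how `preparedString` is assembled: `@Define` inserts it into the SQL text as-is, and only the entries of `queryValues` are bound. The following is an added example (not part of the original answer) that builds a `WhereClause` from an allowlist of columns; `WhereClauseBuilder`, `ALLOWED_COLUMNS`, `build` and the generated parameter names `p0`, `p1` are hypothetical.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.StringJoiner;

public class WhereClauseBuilder {
    // Same shape as the WhereClause class in the answer, repeated so this file compiles alone.
    public static class WhereClause {
        public HashMap<String, String> queryValues = new HashMap<>();
        public String preparedString = "";
    }

    // Assumption: the columns of the things table that callers may filter on.
    private static final Set<String> ALLOWED_COLUMNS = Set.of("foo", "bar", "baz");

    // Only allowlisted column names reach the SQL text; every value travels as a bind parameter.
    public static WhereClause build(Map<String, String> filters) {
        WhereClause clause = new WhereClause();
        StringJoiner sql = new StringJoiner(" AND ", "WHERE ", "").setEmptyValue("");
        int i = 0;
        for (Map.Entry<String, String> f : filters.entrySet()) {
            if (!ALLOWED_COLUMNS.contains(f.getKey())) {
                throw new IllegalArgumentException("column not allowed: " + f.getKey());
            }
            String param = "p" + i++; // generated name, never taken from input
            sql.add(f.getKey() + " = :" + param);
            clause.queryValues.put(param, f.getValue());
        }
        clause.preparedString = sql.toString();
        return clause;
    }

    public static void main(String[] args) {
        Map<String, String> filters = new LinkedHashMap<>();
        filters.put("foo", "bar");
        filters.put("baz", "x' OR '1'='1"); // constructed hostile value: stays a bound value
        WhereClause c = build(filters);
        System.out.println(c.preparedString);
        System.out.println(c.queryValues);
        try {
            build(Map.of("foo = foo OR 1", "x")); // constructed hostile column name
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The result is passed to the DAO from the answer as `findThingsWhere(c.preparedString, c)`.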



