带有参数的 HQL 给出错误 IllegalArgumentException

Question

我在尝试使用带参数的 HQL 获取一些数据时遇到异常。下面是异常和代码。

java.lang.IllegalArgumentException: org.hibernate.hql.internal.ast.QuerySyntaxException: TESTDB.ORDER_DETAILS 未映射 [SELECT DATE,ORDER_NAME,DESCRIPTION FROM TESTDB.ORDER_DETAILS WHERE ORDER_ID = :orderId ORDER BY DATE DESC]

//*************************************************************    
OrderDetailDTO orderDetailDTO = new OrderDetailDTO();
List<OrderDetailDTO> orderList = new ArrayList<OrderDetailDTO>();
ResultSet rs = null;

String queryStr = "SELECT DATE,ORDER_NAME,DESCRIPTION "
                    + "FROM TESTDB.ORDER_DETAILS WHERE ORDER_ID = :orderId "
                    + "ORDER BY DATE DESC";
org.hibernate.query.Query query = session.createQuery(queryStr).setParameter("orderId", ordId); 
rs = (ResultSet)query.getResultList();

while(rs.next()!=false){                                
  orderDetailDTO.setOrderName(rs.getString("ORDER_NAME"));                          
  orderDetailDTO.setDescription(rs.getString("DESCRIPTION"));
  orderDetailDTO.setDate(rs.getTimestamp("DATE"));
        
  orderList.add(orderDetailDTO);
}
//*************************************************************    
//ordId : This one I have as argument in the method

我必须使用这个参数化的 HQL 来避免 SQL 注入。谁能弄清楚为什么会出现 IllegalArgumentException 的奇怪错误。

Answer 1

解决方案是通过使用实体名称而不是数据库表名称来完成的。有问题。在 JPQL 中，我们需要在查询中使用 java bean 类名。当我用 java bean 字段名称替换 java bean 类名时，一切正常。

在 JPQL 中也不需要提及架构名称，因为在 JPQL 的情况下，休眠将使用架构 由 hibernate.default_schema 配置属性定义。参考网址为https://vladmihalcea.com/how-to-resolve-the-hibernate-global-database-schema-and-catalog-for-native-sql-queries/

下面是工作代码：

数据库表的java代码：

package demo.jpql;

import java.io.Serializable;
import javax.persistence.*;

import java.sql.Timestamp;

@Entity
@Table( name = "ORDER_DETAILS" )
public class OrderDetails  implements Serializable {
    private static final long serialVersionUID = 1L;

    @Column( name = "ORDER_NAME", length = 50 )
    private String orderName;

    @Column( name = "DESCRIPTION", length = 50 )
    private String desc;

    @Column( name = "DATE" )
   private Timestamp    date;

     public String getOrderName() {
      return orderName;
    }
    public void setOrderName(String orderName) {
      this.orderName = orderName;
    }

public String getDesc() {
    return desc;
}
    public void setDesc(String desc) {
      this.desc = desc;
    }

    public Timestamp getDate() {
      return date;
    }
    public void setDate(Timestamp date) {
      this.date = date;
    }
}


//*************************************************************    
OrderDetailDTO orderDetailDTO = new OrderDetailDTO();
List<OrderDetailDTO> orderList = new ArrayList<OrderDetailDTO>();
ResultSet rs = null;

String queryStr = "SELECT date,orderName,desc"
                + "FROM OrderDetails WHERE orderID =:orderId "
                + "ORDER BY date DESC";
org.hibernate.query.Query query = 
session.createQuery(queryStr).setParameter("orderId", ordId); 

List<Object> rsltLstOrderDtls = (List<Object>)query.getResultList();                
Iterator<Object> itr = rsltLstOrderDtls.iterator();

while (itr.hasNext()) {
    Object[] obj = (Object[]) itr.next();       
    orderDetailDTO.setOrderName(String.valueOf(obj[1]));                          
    orderDetailDTO.setDescription(String.valueOf(obj[2]));

    SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss.SSS");
    java.util.Date parsedDate = dateFormat.parse(String.valueOf(obj[0]));
    Timestamp timestamp = new java.sql.Timestamp(parsedDate.getTime());
    orderDetailDTO.setDate(timestamp);
    
    orderList.add(orderDetailDTO);
}
//*************************************************************