Space is not allowed after parameter prefix ':' in JPA

Question. Votes: 0, Answers: 1
This is my query:

```java
EntityManager em = null;
EntityTransaction et = null;
try {
    em = entityManagerFactory.createEntityManager();
    et = em.getTransaction();
    et.begin();
    String q = "UPDATE naeb_application_processes SET process_info=" + processinfo
            + ", status=1 WHERE application_id=" + naebappid + " AND process_id=44";
    System.out.println(q);
    Query query = em.createNativeQuery(q);
    query.executeUpdate();
    et.commit();
    // Report success only after the commit went through
    resp = "OK";
} catch (Exception e) {
    if (et != null) {
        et.rollback();
    }
    // TODO: handle exception
    e.printStackTrace();
    resp = "FAILED";
} finally {
    // em is still null if createEntityManager() itself failed
    if (em != null) {
        em.close();
    }
}
```
I get the error: Space is not allowed after parameter prefix ':'. I tried escaping with \:= but it did not work.


hibernate spring-boot jpa
1 Answer
1
vote
The problem is that you are not using prepared statements, which also leaves you vulnerable to SQL injection.
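The query from the question rewritten with bound parameters, as an added example that is not part of the original answer. Hibernate scans native SQL text for `:name` markers, so a concatenated value containing ':' is parsed as SQL syntax; a bound value is never parsed. The class and method names and the parameter types (`String`, `long`) are assumptions.

```java
// Assumes JPA 2.x (javax.persistence); on Spring Boot 3 the package is jakarta.persistence.
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;

public class ProcessInfoUpdater {   // hypothetical class name

    private final EntityManagerFactory entityManagerFactory;

    public ProcessInfoUpdater(EntityManagerFactory entityManagerFactory) {
        this.entityManagerFactory = entityManagerFactory;
    }

    /** Updates the row for the given application and returns the number of rows changed. */
    public int updateProcessInfo(String processInfo, long naebAppId) {
        EntityManager em = entityManagerFactory.createEntityManager();
        EntityTransaction et = em.getTransaction();
        try {
            et.begin();
            // ?1 and ?2 are positional parameters: the SQL text is constant and the
            // values travel separately, so ':' or quotes inside processInfo are
            // treated as data, not as parameter markers or SQL.
            int rows = em.createNativeQuery(
                    "UPDATE naeb_application_processes "
                  + "SET process_info = ?1, status = 1 "
                  + "WHERE application_id = ?2 AND process_id = 44")
                .setParameter(1, processInfo)
                .setParameter(2, naebAppId)
                .executeUpdate();
            et.commit();
            return rows;
        } catch (RuntimeException e) {
            if (et.isActive()) {
                et.rollback();
            }
            throw e;   // let the caller decide how to report the failure
        } finally {
            em.close();
        }
    }
}
```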