I am using OpenJPA in my work.
Sometimes I have to use JPQL and sometimes I have to use native query(em.createNativQuery).
I am witnessing a big issue with native query. I have to provide schema name too.
Like for JPQL I can write:
em.createQuery("Select e from Entity_name e").getResultList();
But in case of native query I need to do:
em.createNativeQuery("Select e from SCHEMANAME.Table_name e").getResultList()
Why is it so?And isn't this wrong behaviour as schema name may vary with time.
Try specifying the following property in your configuration.
<property name="openjpa.jdbc.Schema" value="SCHEMANAME"/>
If you use both JPQL and native queries, try to add the actual entity as follows.
e.g Query query = em.createNativeQuery("SELECT * FROM MAG", Magazine.class);
Otherwise you might face data inconsistency issues like dirty reads, lost updates .etc
UPDATE
Query createNativeQuery(java.lang.String sqlString,
java.lang.Class resultClass)
Create an instance of Query for executing a native SQL query.
Parameters: sqlString - a native SQL query string
resultClass - the class of the resulting instance(s)
Hope this helps.
Related
Hello for demonstration purposes I trimmed out my actual sql query.
I have a SQL query
SELECT *
FROM dbdev.training.courses
where dbdev is my DEV database table name. When I migrate to TEST env, I want my query to dynamically change to
SELECT *
FROM dbtest.training.courses
I tried using input parameters like {env: p('db_name')} and using in the query as
SELECT * FROM :env.training.courses
or
SELECT * FROM (:env).training.courses
but none of them worked. I don't want my SQL query in properties file.
Can you please suggest a way to write my SQL query dynamically based on environment?
The only alternative way is to deploy separate jars for different environments with different code.
You can set the value of the property to a variable and then use the variable with string interpolation.
Warning: creating dynamic SQL queries using any kind of string manipulation may expose your application to SQL injection security vulnerabilities.
Example:
#['SELECT * FROM $(vars.database default "dbtest").training.courses']
Actually, you can do a completely dynamic or partially dynamic query using the MuleSoft DB connector.
Please see this repo:
https://github.com/TheComputerClassroom/dynamicSQLGETandPATCH
Also, I'm about to post an update that allows joins.
At a high level, this is a "Query Builder" where the code that builds the query is written in DataWeave 2. I'm working on another version that allows joins between entities, too.
If you have questions, feel free to reply.
One way to do it is :
Create a variable before DB Connector:
getTableName - ${env}.training.courses
Write SQL Query :
Select * from $(getTableName);
As I read in a lot of articles, when I use JPA/Hibernate query it is good to set parameters in my queries so SQL injection is avoided. Like:
select user from User user where user.name = :name and user.surname = :surname
My problem is that in some cases I need to use native query when I create my query.
I will use my entity manager and createNativeQuery. But in this case the parameters will be positional. Like:
select * from users where user_name = ? and user_surname = ?
Then in my query I will use the method setParameter(1, "name") etc. So is this case "sql injection proof" like when in the parameterized query?
if you do not use string operations for building your query like
"SELECT foo FROM bar Where id="+myParameter+" more sql ..."
, then you will not have any vulnerabilities.
Currently (community correct me if I am wrong) no vulnerabilities exist within the latest PDO database abstraction layer.
However testing your queries for known and unknowns while sanitizing and filtering input will help eliminate the possibility of an injection in the event of a zero day exploit.
I currently use a combination of filtering input, charset expectations, stored procedures and strict requirements on their arguments prior to any and all dynamically created queries
I'm looking for a way to programmatically execute arbitrary SQL commands against my DB.
(Hibernate, JPA, HSQL)
Query.createNativeQuery() doesn't work for things like CREATE TABLE.
Doing LOTS of searching, I thought I could use the Hibernate Session.doWork().
By using the deprecated Configuration.buildSesionFactory() seems to show that doWork won't work.
I get "use lacks privilege or object not found" for all the CREATE TABLE statements.
So, what other technique is there for executing arbitratry SQL statements?
There were some notes on using the underlying JDBC Statement, but I haven't figure out how to get a JDBC Connection object from Hibernate to try that.
Note that the hibernate.hbm2ddl.auto=create setting will NOT work for me, as I have ARRAY[] columns which it chokes on.
I don't think there is any problem executing a create table statement with a Hibernate native query. Just make sure to use Query.executeUpdate(), and not Query.list() or Query.uniqueResult().
If it doesn't work, please tell us what happens when you execute it, and join the full stack trace of the exception and the SQL query you're executing.
"use lacks privilege or object not found" in HSQL may mean anything, for example existence of a table with the same name. Error messages in HSQL are completely misleading. Try listing your tables using DatabaseMetadata - you have probably already created the table.
I tried session.createSQLQuery("ALTER TABLE People MODIFY address VARCHAR(1000);").executeUpdate();
but this throws org.hibernate.exception.SQLGrammarException: could not execute native bulk manipulation query
After a lot of googling, the recommendation is to use HQL instead of SQL query to do bulk updates. Not sure how to use HQL to accomplish this. There seems to be no decent HQL documentation for updating column length in a table.
Thanks so much for the help.
I suggest you to run this native SQL query via session.connection().
See section 16.2.2.1. Rules/limitations for using stored procedures of Chapter 16. Native SQL, it's near your ALTER query.
All the rest depends on your database vendor. Good Luck!
I could not find a way. Looks like a limitation. I added a new field and copied over data from old field at start-up!
I have this problem.
I have a module (module 1) that use Nhibernate to manage entity persistence; this module interacs with an other module (module 2).
The "module 2" allows to generate dynamically native SQL where clause. Now I would use it to manage filter operation in "module 1".
Which is the bast way to do it?
Is possible get the native SQL Select from "Nhibernate" entity without write manually it?
Then, if I get the native SQL Select statement I can easily apply where. Is there a better way?
Otherwise, is possible translate navite SQL statement to HQL statement?
i don't exactly understand your problem but it seems to me that filters is what you want
Really I had a old procedure that build where clause and return it in SQL Native Format (according to specific preset)...now to solve my problem I have modified the procedere to obtain the where clause in HQL Format so apply it to my entity. So it works.