1

I need to set a table name dynamically so that I use query.setText(tname,abc)

e.g: select a.name from :tname where a.id = '2'

I used setText() because when I use setString() it says "tname is a invalid parameter" because I assume that Hibernate adds '' when setting string parameters.

But even setText() does not help and gives the same exception.

How can I set the table name dynamically?

Reply to PSR:

So you mean replace table name as a java string replacement. But then we can not take support of sql injections prevention etc from hibernate right? Also How we bind parameters in hibernate in a situation where like statement,

Eg: name like "%:name%"

This also gives me Illegal argument exception: Parameter does not exist as a named parameter when i try to bind it using query.setString(name,"def");

Improve this question

3 Answers 3

Reset to default
4

Hibernate will not do this for you, because it works with PreparedStatements, and you can't prepare a statement where the table being queried isn't known yet.

I don't see why you would be exposing table names to end users, so preventing SQL injection doing a regular string substitution should be easy. You use some sort of business logic to determine the correct table from a list that only you know. The table name isn't coming from user input at all.

Depending on your choice of RDBMS, you may find a discriminator column, or table inheritance with partitioning to be a better way of handling a situation where identical queries are made against different tables.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

It is not possible to set table name dynamically.You can set dynamically column names.it is not possible to set table name

try like this

select a.name from '+table name+'where a.id = '2'
Improve this answer

1 Comment

please find the reply in the question
0

In my opinion, There are 2 ways to resolve this issue:

1- If you are using Spring and Hibernate together, you could use SpEL and it would be like #{#entityName} as it is described here

@Entity
public class User {

  @Id
  @GeneratedValue
  Long id;

  String lastname;
}

public interface UserRepository extends JpaRepository<User,Long> {

  @Query("select u from #{#entityName} u where u.lastname = ?1")
  List<User> findByLastname(String lastname);
}

2-You could use CriteriaBuilder like

CriteriaQuery<YourEntity> cr = cb.createQuery(YourEntity.class);
Root<YourEntity> root = cr.from(YourEntity.class);
cr.select(root);

I copied the source codes from the provided links and they are described there much better

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.