Escape -- in createSqlQuery

tong123123 · September 11, 2020, 3:46am

The code is as follow:

sql = " select '--', staff_no from staff where staff_no = ?";
Session session2 = HibernateUtil.getCurrentSession();               
Query sqlQuery2 = session2.createSQLQuery(sql);             
sqlQuery2.setParameter(0, "04415");  //error in this line

When run, error

Caused by: org.hibernate.QueryParameterException: Position beyond number of declared ordinal parameters. Remember that ordinal parameters are 1-based! Position: 1

is thrown, I know this is caused by the ‘–’ in sql string, hibernate interpret it as sql comment!!

If I run

sql = " select '-', staff_no from staff where staff_no = ?";

no problem is found.

So how to escape the ‘–’ in hibernate createSqlQuery ?

I try to use

    sql = " select \"--\", staff_no from staff where staff_no = ?";
    sql = " select \\'--\\', staff_no from staff where staff_no = ?";
   sql = " select \'--\', staff_no from staff where staff_no = ?";

but all still thrown the same error.

org.hibernate.QueryParameterException: Position beyond number of declared ordinal parameters. Remember that ordinal parameters are 1-based! Position: 1

beikov · November 4, 2020, 8:11pm

Why are you using position 0 for binding the parameter when the exception clearly says that positions are 1 based? You should use this instead:

sqlQuery2.setParameter(1, "04415");

Topic		Replies	Views
Are positional parameters no longer available? Hibernate ORM	2	1664	July 7, 2023
Inline Character parameter throws NullPointerException Hibernate ORM	0	1013	June 9, 2020
How to set escape character in Postgres Like query? Hibernate ORM	3	15	November 11, 2024
Hibernates adds `escape ''` to LIKE in PostgreSQL Hibernate ORM	1	217	July 9, 2024
It is necessary to write redundant "ESCAPE '\'" after every LIKE expression Hibernate ORM	4	1554	March 4, 2024

Escape -- in createSqlQuery

Related topics