JPQL hibernate for multiple Ikes

Question

JPQL hibernate for multiple Ikes

Asked 8 years, 5 months ago

Viewed 327 times

1

I’m using Hibernate in my project and I’m having doubts about using multiple dynamic Ikes in my research.

I have a simple field on the page where the client can enter a user’s name, but I need it to type 2 names if necessary to return a list.

Example: "John" (Until then ok, I give a simple like in the name john, and my namedQuery looks like this:

"select c from Cliente c where c.nome like :nome"

More when the person type 2 names, I am separating in a list of names, if he type "John Diego" I am giving a split and separating in words to find related names the 2 words obtained.

In the question of split everything ok, more how would my JPQL? if I create one with 2 Likes, and the person type 3 names, would not become dynamic.

Is there any way in JPQL I can give multiple Ikes without the need to create a namedQuery with the quality of Ikes I will do?

EDIT:----------

I found a way to do more I believe is not even close to a correct way. I would like if someone evaluated and could help me.

map.clear();
    map.put("cidade", cidade);

    String[] palavras = pesquisa.split(" ");

    if(palavras.length <= 1){
        map.put("pesquisa", "%"+pesquisa+"%");
        anuncios = (List<Anuncio>) daoMaster.listaPorNamedQuery("efetuaPesquisa", map, Anuncio.class);
    }else{
        query = "select a from Anuncio a where a.cidade = :cidade and (a.nome = '%"+palavras[0].toString()+"'";
        for(int i=1;i < palavras.length;i++){
            query += " OR a.nome like '%"+palavras[i].toString()+"%'";
        }
        for(int i=0;i < palavras.length;i++){
            query += " OR a.descricao like '%"+palavras[i].toString()+"%'";
        }
        query +=")";
        anuncios = (List<Anuncio>) daoMaster.listaPorQueryModificada(query, map, Anuncio.class);
    }

In question, if it is only 1 identified word I am doing a search in a namedQuery already registered in the system, more if the system identifies more than one word, I am creating a query at hand.

At the end the query created was the following:

select a from Anuncio a where a.cidade = :cidade and (a.nome = '%Kelvin' OR a.nome like '%Poket%' OR a.descricao like '%Kelvin%' OR a.descricao like '%Poket%')

Can someone take a look and tell me if there are risks in the way I used? something like sql inject or something like?

Thank you.

2 answers

Browser other questions tagged java hibernate jpql

You are not signed in. Login or sign up in order to post.

by dougg0k • **1,619** points · Answer 1 · 2016-01-06T19:24:18+00:00

Could assign to the second parameter :nome2 the second part of the string of the same attribute, for example, take the second name after a space.

SELECT c FROM Cliente c WHERE c.nome LIKE :nome OR c.nome LIKE :nome2

Alternative

SELECT c FROM Cliente c WHERE c.nome IN (:nome, :nome2)

In the second alternative, the percentage % does not work to pick up pieces of string.

EDIT

Concatenating is not safe in any query, the ideal is to always pass the values by parameters.

EDIT2

A clean and safe way to pass the percentage % in the LIKE is concatenating directly into the query.

Ex:

SELECT c FROM Cliente c WHERE c.nome LIKE CONCAT('%',CONCAT(:nome, '%')) OR c.nome LIKE CONCAT('%',CONCAT(:nome2, '%'))

So you can pass the value of the parameter directly, succinctly without this concatenation and gambiarra mount of Strings.

by Sidney • **667** points · Answer 2 · 2016-01-07T11:31:10+00:00

List<Cliente> clientes = sess.createCriteria(Cliente.class)
    .add( Restrictions.in( "nome", palavras ) ).list()

Try to do so. You do a search using the in in place of or, who seeks all the values you have indicated.