我正在为Scala中的类编写一些数据库查询帮助器方法.
I am writing some database query helper methods for my classes in Scala.
此select方法旨在从产品"表中删除某些列,这些列指定为所需列的逗号分隔列表(字符串).
This select method is intended to pluck certain columns from the Product table, specified as a comma-seperated list (String) of the desired columns.
我希望能够这样称呼它:Product.select("id, title")
I want to be able to call it like this: Product.select("id, title")
以下代码不起作用:
def select(columns: String) = { DB.readOnly{ implicit session => sql"select ${columns} from $sqlTable limit 1000".map(row => Product(row)).list.apply() }}但是此代码(仅用于说明目的)确实有效
But this code (for illustration purposes only) does
def select(columns: String) = { DB.readOnly{ implicit session => var x = sqls"id, title, description, available_online" sql"select ${x} from $sqlTable limit 1000".map(row => Product(row)).list.apply() }}现在,显然我不想将列硬编码到该方法中,但是我想使用columns参数字符串来完成此操作(希望您能抓住我的麻烦).如何在列字符串上应用sqls插值器?
Now, obviously I don't want to hard code columns into the method, but i want to do this with the columns parameter string (I hope you catch my drift). How can I apply the sqls interpolator on the columns string?
类似于var x = sqls(columns)
此处,您可以在sqls和sql插值器上找到更多信息
Here you can find more info on the sqls and sql interpolators
如果您需要更多信息,请发表评论,感谢您的反馈.
Please comment if you require more information and I'd appreciate your feedback.
推荐答案您可以改用SQLSyntax#createUnsafely.
github/scalikejdbc/scalikejdbc/blob/2.2.0/scalikejdbc-core/src/main/scala/scalikejdbc/interpolation/SQLSyntax.scala#L220
这是一个危险的API.我知道您非常了解SQL注入漏洞.
This is a dangerous API. I know you're aware of SQL injection vulnerability so much.
更多推荐
在Scala中的变量上调用字符串插值器
发布评论