I'm trying to check the next val of a sequence.
Here is the method :
public Long getCodeCommercialOffer(final String seq) {
final Session session = (Session) getEntityManager().getDelegate();
Query q= (Query) session.createQuery("SELECT " + seq + ".nextval FROM dual");
return (Long) q.getSingleResult();
}
Why the return is always null ?
I'm not sure what value you are passing in as the seq name. You might need to append the schema name to the front of the sequence (ex: mySchema.sequenceName). I recommend that you print out the SQL statement you are trying to run, run that statement alone in a database query tool (ex: TOAD), tune the SQL to get it working, then put it back into the code.
Thank you for your answers, finally I found out the solution.
The problem is the cast, i replace it with BigDecimal instead of Long
Related
I am facing Second Order SQL Injection in the Spring-Hibernate application after scanning through the Checkmarx tool, I have gone through multiple questions in StackOverflow and in other platforms as well but did not get the right finding.
could you please look into the below code snip,
public String getOrderId(order_name){
String returnId= null;
Query query = entityManager.createNativeQuery("select order_id from order where order_name=?");
List<String> dataset = query.setParameter(1,order_name).getResultList();
if(dataset!=null){
returnId = dataset. Get(0);
}
return returnId;
}
In this above method, while calling getResultList(), getting a high vulnerability issue that, this method returns data flows through the code without being properly sanitized or validated, and eventually used in further database query in the method.
Earlier code was like this,
public String getOrderId(order_name){
String returnId= null;
String q = "select order_id from order where order_name="+order_name;
Query query = entityManager.createNativeQuery(q);
and directly it was used as a string append in query, which I have modified with set parameter,
Query query = entityManager.createNativeQuery("select order_id from order where order_name=?");
List<String> dataset = query.setParameter(1,order_name).getResultList();
but still after getting data from query.getResultSet(), it is asking for sanitizing and validating the data before use in further database query method.
and this return data is being used in further query like select * from return_Data where clause. (properly used in where clause to set parameter to avoid SQL injection).
and in the above query is used in another method where we pass return_Data as input to it.
could you please help here to know what checks and validation can be added to overcome this type of issue. Thanks in advance for prompt response.
I need to query DB for a max value of 1 column
I'm trying to do it this sway
public static long getLastJobSeqNum(){
return jdbcTemplate.queryForObject("SELECT max(JOBIQ) as JOBIQ FROM JOBS_RUN_STAT", long.class);
}
and I'm getting a nullpointer error even I know that there is 1 row on db; seems like it's not a save way to query for a max value
how to make it properly ?
The problem is that Spring tries to unbox into a long primitive. Therefore if you have no elements the JOBIQ will be null as well. The null Long initially created cannot be unboxed without causing a null pointer. You might use Long.class as a second parameter and wrap the whole method call in an Optional.ofNullable(<jdbcCall>).orElse(<fallbackvalue>)
Please check the below query I am trying to update a row by the composite key
my key combination is like:
int id
int versionId
String languageId
and query is:
#Transactional
#Modifying
#Query("update languageEntity l set l.language = :language where l.languageId = :languageId")
int UpdateProcessLanguage(#Param("language ") String processDesTranslation, #Param("languageId ") UserLanguageId languageId);
I am not getting any exception. function is returning 0, means no row effected.
please check what is worng.
It's hard to say without knowing the data. As a first step I would log the generated SQL statements (see how to log sql statements in spring-boot) and check if they look right.
Why you dont wan't to use save() method for that? Just change language property on your object and pass it to the save method. It will update the row.
I want to retrieve value from db ,based on jsp textbox value please suggest me accurate HQL query for this purpose:
select all from table where name = en and password = pwd
I have tried for above work via this way but got error in
getHibernateTemplate().find("from User where Employee_Name= ?"+ a);
Error -:
java.lang.reflect.InvocationTargetException
You can do this
Query query = session.createQuery("from User where Employee_Name= :name");
query.setParameter("name", "asdf");
List list = query.list();
or you can do the same as on the first answer
Seems like the issue is with the prepaid statement, you must use
hibernatemplate.find(String queryString,Object value)
Look here for more spec.
Hope this code will fix it.
getHibernateTemplate().find("from User where Employee_Name=?",a);
Query query=session.createQuery("from User where Employee_Name= "+"'en'"+
"and Employee_Pass= " + "'pwd'");
List<User> list=query.list();
Iterator<User > itr=list.iterator();
while(itr.hasNext()){
User q=itr.next();
use getter method of User class to fetch all the values
}
I have created a structure and list.
public struct CarMake
{
public string name;
public string id;
}
I added structure objects to this (carMakers) and am trying to query
string selCar = from c in carMakers
where c.name == selectedCarMfgName
select c.id;
I am getting an error near select statement- cannont implicity convert IEnumerable to string. I know that query returns only one value, that's why I have like that.
thanks !
string selCar = (from c in carMakers
where c.name == selectedCarMfgName
select c.id).SingleOrDefault();
Your query returns a collection (with one element). You should use Single() (or SingleOrDefault()) to get that one item. If the query can return more than one result, you should look into First() ( or FirstOrDefault())
Pay attention to the error message. It probably says something like
"cannot implicitly convert IEnumerable<string> to string."
The results of a query of a sequence is another sequence, an IEnumerable<T>. You may know that you expect only one result, but that's not what the query does. To obtain only one result, you can optionally include another extension method on the end.
yourQuery.First();
yourQuery.FirstOrDefault();
yourQuery.Single();
yourQuery.SingleOrDefault();
The difference in these is that the First* variations can work with sequenes with many elements, whereas the Single* variations will throw exceptions if more than one element is present. The *OrDefault variations support the concept of no matching elements, and returns the default value for the type (null in the case of classes, a default value (such as 0 for int) for structs).
Use the version that conforms to your expectation. If you expect one and only one match, prefer Single. If you only care about one out of arbitrarily many, prefer First.
carMakers.Add(new CarMake() { name = "Audi", id = "1234" });
string selCar =(from c in carMakers
where c.name == "Audi"
select c.id).FirstOrDefault();
Output- 1234
I would refactor my query slightly:
var selCar = carMakers.Single(c => c.name == selectedCarMfgName).id;
This assumes you know that the car is in the list. If not, use SingleOrDefault and check the return before getting the id.
I've not done too much with LINQ but because you are selecting into a string you may need to use FirstOrDefault as your statement could return back more than one value yet your string can only hold one.
First will return null value I think if nothing is found but FirstOrDefault will return you a blank string.