java 如何验证sql查询语法?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1599547/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to validate sql query syntax?
提问by Maddy.Shik
java 1.4 Sql server 2000
java 1.4 Sql server 2000
i am taking input of sql query (for validation of field value against values retrieved by executing sql query) from admin user which will be stored in database and later i will executing sql query corresponding to field.Before inserting sql query in database i want to validate its syntax in java code.
我正在从管理员用户那里获取 sql 查询的输入(用于根据通过执行 sql 查询检索到的值验证字段值),这将存储在数据库中,稍后我将执行与字段对应的 sql 查询。在将 sql 查询插入数据库之前,我想在 java 代码中验证其语法。
Fields Sql Query
stateCode select statecode from states
district code select district code from districts
回答by Erich Kitzmueller
Create a PreparedStatementwith the query string; if this works, the query string is ok (but nothing is executed yet)
使用查询字符串创建一个PreparedStatement;如果这有效,则查询字符串没问题(但尚未执行任何操作)
回答by Peter
dont think there is any (easy) way to validate sql
不要认为有任何(简单的)方法来验证 sql
Sql syntax is complex and allows for alot of different ways to enter a statement.
Sql 语法很复杂,允许以多种不同的方式输入语句。
Think you best shot would be to just execute the sql statent and if you have a SQl exception see if its a bad syntax thats causing it.
认为你最好的办法是只执行 sql 语句,如果你有一个 SQL 异常,看看它是否是导致它的错误语法。
you can prepend some sql to avoid from actually executing the query
您可以在前面添加一些 sql 以避免实际执行查询
in sybase it would be SET NOEXEC ON
在 sybase 中它将是 SET NOEXEC ON
回答by jitter
Why would you let them enter whole sql-statements?
你为什么要让他们输入整个 sql 语句?
Just provide to fields and let them enter either the statecode or the districtcode.
只需提供给字段并让他们输入州代码或地区代码即可。
Then check if the entered value is a number. And run the appropriate query with the entered value.
然后检查输入的值是否为数字。并使用输入的值运行适当的查询。
回答by Gareth Davis
A possible solution would could be to get the explain plan of the query, if it manages to explain the query I guess it must be valid. Down side is that it won't like parametrised queries.
一个可能的解决方案是获取查询的解释计划,如果它设法解释查询,我想它必须是有效的。不利的一面是它不喜欢参数化查询。
回答by erikkallen
You could do SET FMTONLY ON and then execute the query and see if it works. Just remember to do SET FMTONLY OFF in a finally block, since it's a connection-level setting.
您可以执行 SET FMTONLY ON 然后执行查询并查看它是否有效。请记住在 finally 块中执行 SET FMTONLY OFF ,因为它是连接级设置。
