String hql="from User as u where u.username= "+username +" and u.password= "+password;
List<User> list = userService.find(hql);
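When the username and password passed in from the page are numeric, the statement above works, but when they contain letters the following error appears: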
javax.servlet.ServletException: org.hibernate.hql.internal.ast.QuerySyntaxException: unexpected token: y near line 1, column 52 [from net.cpsec.pojo.User as u where u.username= 123y and u.password= ]
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:515)
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:419)
org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:119)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
Or:
javax.servlet.ServletException: org.hibernate.exception.SQLGrammarException: could not extract ResultSet
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:515)
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:419)
org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:119)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
Just change the HQL statement to:
// Wrap each value in single quotes so HQL parses it as a string literal
String hql="from User as u where u.username= "+"'"+username+"'" +" and u.password= "+"'"+password+"'";
and that fixes it!!
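The same lookup with named parameters instead of quoted concatenation, which still fails to parse (and lets input change the query text) when a value contains a single quote. This is an added example, not the original post's code; `UserLookup`, `findByCredentials` and the caller-supplied `Session` are assumptions, and Hibernate must be on the classpath.

```java
import java.util.List;
import org.hibernate.Session;

public class UserLookup {

    // The post's quoted form: values are spliced into the HQL text itself.
    static String concatenatedHql(String username, String password) {
        return "from User as u where u.username= '" + username + "'"
             + " and u.password= '" + password + "'";
    }

    // Same query with named parameters: the HQL text is a constant and the
    // values are bound separately, so they are never parsed as HQL.
    static final String BOUND_HQL =
        "from User as u where u.username = :username and u.password = :password";

    // Assumes an open Hibernate Session from the caller (hypothetical wiring;
    // the post's userService.find(hql) is not used here). The returned
    // elements are the mapped User entities.
    static List<?> findByCredentials(Session session, String username, String password) {
        return session.createQuery(BOUND_HQL)
                      .setParameter("username", username)
                      .setParameter("password", password)
                      .list();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the post's "123y" and a name with an apostrophe.
        for (String name : new String[] {"123y", "O'Brien"}) {
            System.out.println(concatenatedHql(name, "secret"));
        }
        // With "O'Brien" the username literal closes after the O, so the
        // concatenated HQL no longer parses. BOUND_HQL is identical for
        // every input because values travel as bind parameters.
        System.out.println(BOUND_HQL);
    }
}
```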