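I haven't written anything in so long that I didn't even know where the article editor was!!!!
While fixing a SQL injection problem and testing the IN syntax, I could not get any data back no matter what I tried. Later I found that I should use
setParameterList(), not setParameter().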
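import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.hibernate.Query;
String a = "140421197501105174,140421197501105174";
List<Map<String, String>> returnList = new ArrayList<Map<String, String>>();
Query q = session.createSQLQuery("select * from ** where userId in (:userId)"); // session: an open org.hibernate.Session
List<String> s = Arrays.asList(a.split(","));
// q.setParameter("userId", a.split(",")) binds the whole array as a single value, so the IN clause matches nothing
q.setParameterList("userId", s); // one bind placeholder per list element
String b = q.getQueryString();
List aa = q.list();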
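
The following is an added example, not code from the original post and not Hibernate's own implementation: a simplified, JDK-only model of why a single bind finds nothing in an IN clause while a list bind works, next to the string concatenation that parameter binding replaces. The class name InListBinding, the expand helper, the users table and the sample values are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Simplified model (assumption): a named list parameter is expanded into one
// positional placeholder per element, and the values travel separately.
public class InListBinding {

    // Expanded statement text plus the ordered values to bind to it.
    static final class Bound {
        final String sql;
        final List<String> binds;
        Bound(String sql, List<String> binds) { this.sql = sql; this.binds = binds; }
    }

    // Replace ":name" with "?, ?, ..."; the values never enter the SQL text.
    static Bound expand(String sql, String name, List<String> values) {
        if (values.isEmpty()) {
            throw new IllegalArgumentException("empty IN list for :" + name);
        }
        String marks = String.join(", ", Collections.nCopies(values.size(), "?"));
        return new Bound(sql.replace(":" + name, marks), new ArrayList<>(values));
    }

    public static void main(String[] args) {
        String sql = "select * from users where userId in (:userId)"; // hypothetical table
        // Constructed input: the second id contains a stray single quote.
        String raw = "1001,100'2";
        List<String> ids = Arrays.asList(raw.split(","));

        // Concatenation: the quote inside the data becomes part of the statement text.
        String concatenated = sql.replace(":userId", "'" + String.join("','", ids) + "'");
        System.out.println("concatenated : " + concatenated);

        // Single bind: the whole input is one value, so IN compares against one string.
        Bound single = expand(sql, "userId", Collections.singletonList(raw));
        System.out.println("single bind  : " + single.sql + "  " + single.binds);

        // List bind: one placeholder per element; the quote stays inert data.
        Bound list = expand(sql, "userId", ids);
        System.out.println("list bind    : " + list.sql + "  " + list.binds);
    }
}
```

The single-bind line prints `in (?)` with one value, which is the no-rows case described above; the list-bind line prints `in (?, ?)` with two values and the statement text unchanged by the data.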