【Slick SQL】如何将列表参数传递到in中

参考:scala - implicit value for slick.jdbc.SetParameter[List[Int]] - Stack Overflow

解决办法示例:

def myMethod(actions: List[Int]) =
  sql"""select something from my_table
        where action in #${actions.mkString("(", ",", ")")}""".as[MyType]

 

关键点:使用#$ 而非 $

 

 

Another danger is with the #$ style of subsঞtuঞon. This is called splicing, and is used when you don’t want SQL escaping to apply. For example, perhaps the name of the table you want to use may change:
val table = "room"
// table: String = "room"
val splicedAction = sql""" select "id" from "#$table" """.as[Long]
// splicedAction: slick.sql.SqlStreamingAction[Vector[Long], Long,
Effect] = slick.jdbc.SQLActionBuilder$$anon$1@26c72ad2

In this situaঞon we do not want the value of table to be treated as a String.

If we did, it’d be an invalid query: select "id" from "'message'" (noঞce the double quotes and single quotes around the table name, which is not valid
SQL).
This means you can produce unsafe SQL with splicing. The golden rule is to never use #$ with input supplied by users.
posted @   梦醒江南·Infinite  阅读(82)  评论(0编辑  收藏  举报
相关博文:
·  【Spark SQL】查看所有Spark SQL参数
·  【Spark】spark.sql.sources.partitionOverwriteMode
·  C# sqlserver 参数化 in、like的传值方法
·  sql server 我们在做游标循环时,如何处理in里面多个id值的参数
·  Mybatis 将table表名作为参数传入
阅读排行:
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【译】Visual Studio 中新的强大生产力特性
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构
· 字符编码:从基础到乱码解决
点击右上角即可分享
微信分享提示
AI IDE Trae