【Slick SQL】如何将列表参数传递到in中

参考:scala - implicit value for slick.jdbc.SetParameter[List[Int]] - Stack Overflow

解决办法示例:

def myMethod(actions: List[Int]) =
  sql"""select something from my_table
        where action in #${actions.mkString("(", ",", ")")}""".as[MyType]

 

关键点:使用#$ 而非 $

 

 

Another danger is with the #$ style of subsঞtuঞon. This is called splicing, and is used when you don’t want SQL escaping to apply. For example, perhaps the name of the table you want to use may change:
val table = "room"
// table: String = "room"
val splicedAction = sql""" select "id" from "#$table" """.as[Long]
// splicedAction: slick.sql.SqlStreamingAction[Vector[Long], Long,
Effect] = slick.jdbc.SQLActionBuilder$$anon$1@26c72ad2

In this situaঞon we do not want the value of table to be treated as a String.

If we did, it’d be an invalid query: select "id" from "'message'" (noঞce the double quotes and single quotes around the table name, which is not valid
SQL).
This means you can produce unsafe SQL with splicing. The golden rule is to never use #$ with input supplied by users.
posted @ 2022-03-26 13:23  梦醒江南·Infinite  阅读(79)  评论(0编辑  收藏  举报