String hql="from User as u where u.username= "+username +" and u.password= "+password;
List<User> list = userService.find(hql);
當username和password通過頁面傳進來的是數字是上面語句沒問題,但是當傳過來的爲字母是就出現:
javax.servlet.ServletException: org.hibernate.hql.internal.ast.QuerySyntaxException: unexpected token: y near line 1, column 52 [from net.cpsec.pojo.User as u where u.username= 123y and u.password= ] org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:515) org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:419) org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:119) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)或者:
javax.servlet.ServletException: org.hibernate.exception.SQLGrammarException: could not extract ResultSet org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:515) org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:419) org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:119) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)只需要把hql語句改爲:
String hql="from User as u where u.username= "+"'"+username+"'" +" and u.password= "+"'"+password
就可以了!!