HibernateQueryException: Expected positional parameter count, but query w/o parameter

Question

during execution query i received error Expected positional parameter count: 1, actual parameters: [] my query not have any parameters, BUT query contains ? as value.

code

session.createSQLQuery(sql).list()

sql

SELECT file.name as `NAME` FROM film WHERE film.name IN ('You say "How I can make it? We' ..."');

EDIT

it also reproduced if search by name that contains ? and '

SELECT file.name as `NAME` FROM film WHERE film.name IN ('?'')

How I can fix it?

Thanks.

@Unknown root cause in ' with ?

boden
– boden

2016-10-12 11:53:17 +00:00
Commented Oct 12, 2016 at 11:53 — boden
– boden, Commented Oct 12, 2016 at 11:53

StanislavL · Accepted Answer · 2016-10-12 11:30:32Z

2

Should work

String[] values= {"You say \"How I can make it? We' ...\""};
String sql = "SELECT file.name as `NAME` FROM film WHERE film.name IN (:values)";
SQLQuery query = session.createSQLQuery(sql);
query.setParameterList("values", values);

and then

query.list();

answered Oct 12, 2016 at 11:30

StanislavL

57.5k9 gold badges75 silver badges100 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

boden Over a year ago

query generated dynamic, i can't handle value into IN

StanislavL Over a year ago

Then your code has SQL injection. Suppose I pass the name variable as '); DROP table users; Will your query drop the table?

boden Over a year ago

no, because it value was into IN and occurred sql exception

Collectives™ on Stack Overflow

HibernateQueryException: Expected positional parameter count, but query w/o parameter

1 Answer 1

3 Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

3 Comments

Your Answer

Sign up or log in

Post as a guest

Related