0

In order to prevent SQL injection I am trying to convert dynamic queries to named-parameter queries. However, when I use this code:

    String query = "from Ad a left join fetch a.adQueries left join fetch a.aduser u left join fetch u.profile where a.id =:identifier";
    Query q = s.createQuery(query);
    q.setParameter("identifier", id);

no data is returned from the DB even though the data is there, and the same query in dynamic form returns data.

And when I use this code:

    String query = "from Ad a left join fetch a.adQueries left join fetch a.aduser u left join fetch u.profile where a.id =:identifier";
    Query q = s.createQuery(query);
    q.setLong("identifier", id);

it throws a NullPointerException.

Please let me know where I am going wrong.

Thanks

Juzer Arsiwala

1 Answer

1

Perhaps id is null, which can cause such behaviour.

axtavt
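The null case the answer points to, as an added example that is not part of the original posts: a helper that keeps the question's named-parameter query and rejects a null id before binding. It assumes `id` is a boxed `Long` and the Hibernate 3/4 `org.hibernate.Query` API used in the question; the class and method names `AdLookup` and `findAd` are hypothetical.

```java
import java.util.List;

import org.hibernate.Query;
import org.hibernate.Session;

/** Hypothetical helper (not from the original posts) around the question's query. */
public final class AdLookup {

    // HQL taken from the question. The id is bound as a named parameter,
    // so it is never concatenated into the query string.
    private static final String HQL =
        "from Ad a left join fetch a.adQueries left join fetch a.aduser u "
      + "left join fetch u.profile where a.id = :identifier";

    private AdLookup() {
    }

    /**
     * Returns the matching Ad, or null when no row has this id.
     *
     * Assumption: id is a boxed Long. A null Long explains both symptoms:
     *  - setParameter("identifier", null) binds SQL NULL, and "id = NULL"
     *    is never true, so the query returns no rows;
     *  - setLong("identifier", id) takes a primitive long, so auto-unboxing
     *    a null Long throws NullPointerException before Hibernate is called.
     */
    public static Object findAd(Session s, Long id) {
        if (id == null) {
            // Fail loudly instead of silently returning an empty result.
            throw new IllegalArgumentException("id must not be null");
        }

        Query q = s.createQuery(HQL);
        q.setLong("identifier", id); // safe to unbox: id was checked above

        // The collection fetch join can repeat the same Ad instance per
        // joined row, so take the first element rather than assuming one row.
        List<?> rows = q.list();
        return rows.isEmpty() ? null : rows.get(0);
    }
}
```

Logging the id at the call site when the guard fires shows where the null value originates.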