I have a query string like this:
queryStr.append(" ").append(relation.getJoins()[i].getChildSql()).append(" = :join").append(i);
I am using setParameter to set the value of :join, but Sonar complains about the possibility of SQL injection. Is it not allowed to append values in setParameter as below?
for (int i = 0; i < parentKeyValues.length; i++) {
    query.setParameter("join" + i, parentKeyValues[i]);
}
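
An added example, not part of the original post: values passed to setParameter are bound, but the fragment from getChildSql() is concatenated into the query text and cannot be bound as a parameter, so this code checks it against an allowlist before appending. The class name, the ALLOWED_COLUMNS set, the plain arrays standing in for relation.getJoins(), and the AND separator are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class JoinClauseBuilder {
    // Hypothetical allowlist: the only column expressions permitted in the query text.
    private static final Set<String> ALLOWED_COLUMNS =
            Set.of("child.parent_id", "child.tenant_id");

    // Appends "<column> = :joinN" for each join. Column text is validated before it is
    // concatenated; key values never touch the string and are collected for binding.
    static String buildJoinPredicate(String[] childSql, Object[] parentKeyValues,
                                     Map<String, Object> params) {
        if (childSql.length != parentKeyValues.length) {
            throw new IllegalArgumentException("column/value count mismatch");
        }
        StringBuilder queryStr = new StringBuilder();
        for (int i = 0; i < childSql.length; i++) {
            if (!ALLOWED_COLUMNS.contains(childSql[i])) {
                throw new IllegalArgumentException("column not allowed: " + childSql[i]);
            }
            if (i > 0) {
                queryStr.append(" AND"); // assumed separator, not shown in the post
            }
            queryStr.append(" ").append(childSql[i]).append(" = :join").append(i);
            params.put("join" + i, parentKeyValues[i]);
        }
        return queryStr.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for relation.getJoins()[i].getChildSql().
        Map<String, Object> params = new LinkedHashMap<>();
        String clause = buildJoinPredicate(
                new String[] {"child.parent_id", "child.tenant_id"},
                new Object[] {42L, "acme"}, params);
        System.out.println(clause + "  " + params);
        // Each entry would then be bound with query.setParameter(name, value).

        try { // constructed value that is not a plain column name
            buildJoinPredicate(new String[] {"child.parent_id OR 1=1"},
                    new Object[] {42L}, new LinkedHashMap<>());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```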