-2

For that, I have created a query like this

@Query(value="SELECT"+ retreiveCol +"FROM"+tableName+"WHERE"+condition, nativeQuery = true)
    public Object genericSearch(@Param("retreiveCol") String retreiveCol,@Param("tableName") String tableName,@Param("condition") String condition);

But getting this error:

Hibernate: SELECTFROMWHERE [2m2021-10-23 09:33:09.574[0;39m [33m WARN[0;39m [35m7684[0;39m [2m---[0;39m [2m[nio-8081-exec-3][0;39m [36mo.h.engine.jdbc.spi.SqlExceptionHelper [0;39m [2m:[0;39m SQL Error: 42001, SQLState: 42001 [2m2021-10-23 09:33:09.574[0;39m [31mERROR[0;39m [35m7684[0;39m [2m---[0;39m [2m[nio-8081-exec-3][0;39m [36mo.h.engine.jdbc.spi.SqlExceptionHelper [0;39m [2m:[0;39m Syntax error in SQL statement "SELECTFROMWHERE[*]"; expected "SET, SAVEPOINT, SCRIPT, SHUTDOWN, SHOW"; SQL statement: SELECTFROMWHERE [42001-200] [2m2021-10-23 09:33:09.586[0;39m [31mERROR[0;39m [35m7684[0;39m [2m---[0;39m [2m[nio-8081-exec-3][0;39m [36mo.a.c.c.C.[.[.[/].[dispatcherServlet] [0;39m [2m:[0;39m Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.dao.InvalidDataAccessResourceUsageException: could not prepare statement; SQL [SELECTFROMWHERE]; nested exception is org.hibernate.exception.SQLGrammarException: could not prepare statement] with root cause

org.h2.jdbc.JdbcSQLSyntaxErrorException: Syntax error in SQL statement "SELECTFROMWHERE[*]"; expected "SET, SAVEPOINT, SCRIPT, SHUTDOWN, SHOW"; SQL statement: SELECTFROMWHERE [42001-200]

Dale K
  • 25,246
  • 15
  • 42
  • 71
  • Pretty obvious I would have thought - the SQL you are generating is `SELECTFROMWHERE` i.e. no spaces, no column names, no table name. And that is an extremely unsafe way to query the database, it leaves you completely open to an SQL injection attack. – Dale K Oct 23 '21 at 04:33
  • @DaleK My requirement is to create a query to fetch the data from any table of DB, I have 1200 tables in my DB. So, how can I achieve this by using Spring DATA JPA. Please help me out – Shaik Mahammad Althaf Oct 23 '21 at 08:27
  • I have no idea, but fixing your syntax errors as I explained would be a good start. – Dale K Oct 23 '21 at 08:31
  • @DaleK Okay, I'll try that, but tell me is my approach is correct? – Shaik Mahammad Althaf Oct 23 '21 at 09:57

1 Answers1

0

Not sure you can do that with Spring Data JPA. Your repository must be typed and bound to a specific entity.

Most importantly, your approach will cause a major security issue since it makes SQL injections very easy.

If you're looking for a solution to build dynamic search requests, based on infinite criteria, I suggest investigating spring-boot-starter-data-search.

You can find a demo for jpa here


Disclaimer: I'm a contributor of spring-boot-starter-data-search

adlmez
  • 42
  • 3