dynamicquery – Tarik Billa

How to set table name in dynamic SQL query?

December 18, 2023 by Tarik

To help guard against SQL injection, I normally try to use functions wherever possible. In this case, you could do: … SET @TableName=”<[db].><[schema].>tblEmployees” SET @TableID = OBJECT_ID(TableName) –won’t resolve if malformed/injected. … SET @SQLQuery = ‘SELECT * FROM ‘ + QUOTENAME(OBJECT_NAME(@TableID)) + ‘ WHERE EmployeeID = @EmpID’

How to initialize Specification of Spring Data JPA?

December 16, 2023 by Tarik

Specification.where(null) works just fine. It is annotated with @Nullable and the implementation handles null values as it should. The problem is that you are using the and method as if it would modify the Specification, but it creates a new one. So you should use spec = spec.and( … );