Skip to content

Add support for table name placeholder for @Query in JDBC and R2DBC #1856

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mipo256 opened this issue Aug 15, 2024 · 8 comments
Closed

Add support for table name placeholder for @Query in JDBC and R2DBC #1856

mipo256 opened this issue Aug 15, 2024 · 8 comments
Assignees
@schauder
Labels
type: enhancement A general enhancement
Milestone
3.4 M1 (2024.1.0)

Comments

@mipo256
Copy link
Contributor

mipo256 commented Aug 15, 2024

Currently, there is no way to reference the name of the table in the SPEL expression in @Query. The behavior I guess should be similar to one we have now in JPA. So something like this:

@Query("SELECT * FROM #{#tableName} WHERE status = #{#status.name()}")
List<MyEntity> findByStatus(Status status);

I think would be the way to go.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Aug 15, 2024
@mp911de
Copy link
Member

mp911de commented Aug 15, 2024

Table-name pre-processing requires an additional step to resolve expressions inline without binding these as parameters. The table name would be rendered in its final form meaning with quotation.

@schauder
Copy link
Contributor

And I guess we would need to parse the whole thing first to determine, which expression we must process with inline String replacement and which become parameters.

@mp911de
Copy link
Member

mp911de commented Aug 15, 2024

JPA does something along the lines of `String.replace("#{#entityName}}", …)" which is pretty isolated and it doesn't introduce much of additional injection risks.

@mipo256
Copy link
Contributor Author

mipo256 commented Aug 15, 2024

@mp911de Maybe I'm wrong, but in JPA the entityName is just added as an additional variable into Evaluation context. I guess this is better then just doing String.replace()...

@mp911de
Copy link
Member

mp911de commented Aug 15, 2024

renderQueryIfExpressionOrReturnQuery runs the entire query through SpEL parsing and expression processing.

The actual SpEL evaluation (and parsing) for parameter values happens here:

https://github.com/spring-projects/spring-data-jpa/blob/5f924440b78f85862d83f978fdbeda10973b42eb/spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/QueryParameterSetterFactory.java#L185-L211

@mp911de mp911de added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 19, 2024
schauder added a commit that referenced this issue Aug 22, 2024
@schauder
SpEL expressions with tablename allowed in JDBC queries.
3755822 
Closes #1856
@schauder schauder mentioned this issue Aug 22, 2024
Closed
schauder added a commit that referenced this issue Aug 28, 2024
@schauder
Support for table names in SpEL expressions.
33786ab 
SpEL expressions in queries get processed in two steps:

1. First SpEL expressions outside parameters are detected and processed.
This is done with a `StandardEvaluationContext` with the variables `tableName` and `qualifiedTableName` added.
This step is introduced by this commit.

2. Parameters made up by SpEL expressions are processed as usual.

Closes #1856
Originial pull request #1863
schauder added a commit that referenced this issue Aug 28, 2024
@schauder
Polishing.
fd6d4e6 
Fixing a test used for performance reasons.

Formatting a test.
Removing public modifier.
Separating test methods from infrastructure.

Original pull request #1863
See #1856
schauder added a commit that referenced this issue Aug 28, 2024
@schauder
Support for table names in SpEL expressions.
21a5f74 
SpEL expressions in queries get processed in two steps:

1. First SpEL expressions outside parameters are detected and processed.
This is done with a `StandardEvaluationContext` with the variables `tableName` and `qualifiedTableName` added.
This step is introduced by this commit.

2. Parameters made up by SpEL expressions are processed as usual.

Closes #1856
Originial pull request #1863
schauder added a commit that referenced this issue Sep 3, 2024
@schauder
Polishing.
22b8795 
Fixing a test used for performance reasons.

Formatting a test.
Removing public modifier.
Separating test methods from infrastructure.

Original pull request #1863
See #1856
schauder added a commit that referenced this issue Sep 3, 2024
@schauder
Support for table names in SpEL expressions.
f87866c 
SpEL expressions in queries get processed in two steps:

1. First SpEL expressions outside parameters are detected and processed.
This is done with a `StandardEvaluationContext` with the variables `tableName` and `qualifiedTableName` added.
This step is introduced by this commit.

2. Parameters made up by SpEL expressions are processed as usual.

Closes #1856
Originial pull request #1863
schauder added a commit that referenced this issue Sep 3, 2024
@schauder
Move query extraction into QueryLookupStrategy.
c563c2c 
JdbcStringBasedQuery no longer extracts the query from the `QueryMethod`.

The logic of applying table name based SpEL expressions moves into the new base class `RelationalQueryLookupStrategy`.

See #1856
Originial pull request #1863
mp911de pushed a commit that referenced this issue Sep 4, 2024
@schauder @mp911de
Polishing.
4221840 
Fixing a test used for performance reasons.

Formatting a test.
Removing public modifier.
Separating test methods from infrastructure.

Original pull request #1863
See #1856
@mp911de mp911de closed this as completed in f937738 Sep 4, 2024
mp911de added a commit that referenced this issue Sep 4, 2024
@mp911de
Polishing.
7277413 
Remove Preprocessor interface. Add property accessors to RelationalQueryLookupStrategy. Reuse property accessors instead of loosely coupled object access.

See #1856
Original pull request #1863
@mp911de mp911de changed the title Add support for table name placeholder in SPEL for @Query in JDBC and R2DBC Add support for table name placeholder for @Query in JDBC and R2DBC Sep 4, 2024
@mp911de mp911de added this to the 3.4 M1 (2024.1.0) milestone Sep 4, 2024
@romych2004
Copy link

Hi, @mp911de!
Thank you for feature!
Please fix documentation file https://github.com/spring-projects/spring-data-relational/blob/main/spring-data-r2dbc/src/test/java/org/springframework/data/r2dbc/documentation/PersonRepository.java

Line @Query("SELECT * FROM #{tableName} WHERE lastname = :lastname")

Expression must be #{#tableName}

@schauder schauder mentioned this issue Feb 21, 2025
Closed
@schauder
Copy link
Contributor

@romych2004 Thanks for letting us know. I created a proper issue for that and resolved it right away.

In the future please create a new ticket directly, because comments on closed issues easily get lost.

@romych2004
Copy link

@schauder ok, I'll keep that in mind, thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@schauder schauder

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
3.4 M1 (2024.1.0)
5 participants
@schauder @mp911de @romych2004 @spring-projects-issues @mipo256