Prevent SQL injection with Hibernate
Question

I'm going through Hibernate and I know that you can prevent SQL injection with HQL:

    String query1 = "from Obj where id = " + id;
    String query2 = "from Obj where id = :id";

query1 is unsafe while query2 is safe. How can I achieve safe queries with Criteria? Is this already implemented or do I have to do something else?

    Criteria c = session.createCriteria(Obj.class);
    c.add(Restrictions.eq("id", 5));

Answer 1:

I'm going through Hibernate and I know that you can prevent SQL injection with HQL: It is a
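
The three query styles from the question, side by side, as an added example that is not part of the original question or answer. It assumes Hibernate 5.x and the H2 driver on the classpath; the class name BindDemo, the in-memory database, the String-typed id mapping for Obj and the input value are constructed for illustration.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;
import org.hibernate.criterion.Restrictions;

// Added example. Assumes Hibernate 5.x and the H2 driver on the classpath.
public class BindDemo {                       // hypothetical class name
    @Entity(name = "Obj")                     // assumed mapping: Obj with a String id
    public static class Obj {
        @Id public String id;
        public Obj() {}
        public Obj(String id) { this.id = id; }
    }

    public static void main(String[] args) {
        SessionFactory sf = new Configuration()
            .setProperty("hibernate.connection.driver_class", "org.h2.Driver")
            .setProperty("hibernate.connection.url", "jdbc:h2:mem:demo")
            .setProperty("hibernate.dialect", "org.hibernate.dialect.H2Dialect")
            .setProperty("hibernate.hbm2ddl.auto", "create-drop")
            .addAnnotatedClass(Obj.class)
            .buildSessionFactory();
        Session session = sf.openSession();
        try {
            session.beginTransaction();
            session.save(new Obj("a"));
            session.save(new Obj("b"));
            session.getTransaction().commit();
            String id = "'x' or 1=1";         // constructed untrusted input
            // query1 style: the input is parsed as part of the HQL statement.
            List<?> q1 = session.createQuery("from Obj where id = " + id).list();
            // query2 style: the input is bound as a value after parsing.
            List<?> q2 = session.createQuery("from Obj where id = :id")
                                .setParameter("id", id).list();
            // Criteria: Restrictions.eq also sends the value as a bind parameter.
            List<?> c = session.createCriteria(Obj.class)
                               .add(Restrictions.eq("id", id)).list();
            System.out.println("concatenated=" + q1.size()
                + " named-parameter=" + q2.size() + " criteria=" + c.size());
        } finally {
            session.close();
            sf.close();
        }
    }
}
```

Setting hibernate.show_sql to true prints the generated SQL, where the named-parameter and Criteria queries show a ? placeholder in the position where the concatenated query shows the input text itself.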