Hint

This article is generated by AI translation.

SQL Injection

Please note

${...} splices raw text into the SQL statement, so it is an SQL injection risk. Only inject values you control or have validated against an allow-list; never pass user input through ${...} unchecked.

Use ${...} to read a named argument and insert its value verbatim into the SQL text (in contrast to #{...}, which passes the argument as a bound parameter).

Example: Argument-driven sorting via SQL injection
select * from users where id > #{id} order by ${order}

Basic Usage

Map<String, Object> args = CollectionUtils.asMap(
"id", 2,            // bound through #{id}
"order", "name desc" // inserted as text through ${order}
);
jdbcTemplate.queryForList("select * from users where id > #{id} order by ${order}", args);
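The snippet above uses a hard-coded sort clause. When the sort column and direction come from a request, the ${order} value must be built from an allow-list before it reaches the statement. The following is an added example, not code from the original article or its library: the allow-list contents, the orderClause helper and the SafeOrderExample class are assumptions; jdbcTemplate and CollectionUtils.asMap are the article's own API and are referenced only in a comment.

```java
import java.util.Map;
import java.util.Set;

// Added example: validate user-supplied sort parameters against an allow-list
// before they are injected through ${order}.
public class SafeOrderExample {
    // Hypothetical allow-lists; adjust to the columns the real table exposes.
    private static final Set<String> SORTABLE_COLUMNS = Set.of("id", "name", "created_at");
    private static final Set<String> DIRECTIONS = Set.of("asc", "desc");

    // Returns an ORDER BY fragment such as "name desc", or throws if either part
    // is not on the allow-list. Only allow-listed literals ever reach the SQL text.
    public static String orderClause(String column, String direction) {
        String col = column == null ? "" : column.trim().toLowerCase();
        String dir = direction == null ? "asc" : direction.trim().toLowerCase();
        if (!SORTABLE_COLUMNS.contains(col)) {
            throw new IllegalArgumentException("column not sortable: " + column);
        }
        if (!DIRECTIONS.contains(dir)) {
            throw new IllegalArgumentException("invalid sort direction: " + direction);
        }
        return col + " " + dir;
    }

    // Builds the named-argument map for the article's query. Map.of stands in for
    // the article's CollectionUtils.asMap; the shape of the map is the same.
    public static Map<String, Object> queryArgs(long minId, String column, String direction) {
        Map<String, Object> args = Map.of(
            "id", minId,                            // bound through #{id}
            "order", orderClause(column, direction) // allow-listed text for ${order}
        );
        // With the article's template in scope:
        // jdbcTemplate.queryForList("select * from users where id > #{id} order by ${order}", args);
        return args;
    }

    public static void main(String[] a) {
        // Constructed inputs: one accepted, one rejected.
        System.out.println(queryArgs(2, "name", "DESC")); // {id=2, order=name desc}
        try {
            queryArgs(2, "name; drop table users", "asc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check is an allow-list rather than escaping: ${...} performs no quoting, so the only safe content is a literal the application itself chose. Validation failures are raised before any statement is built, which is also the point to log them.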