Created an HQL query with string: " select * from tableName where id=1 order by id desc 'any content' ". It's executing with no error. Generated SQL: " select * from tableName where id=1 order by id desc "
Here, for HQL with an order by clause, anything written after order by inside '...' is removed.
Is this behavior for SQL injection threat, or is it a bug in the translation engine?