- Details
- Written by Nam Ha Minh
- Last Updated on 29 April 2020 | Print Email
When developing Spring Boot applications with Spring Data JPA and Hibernate, you may want to see the generated SQL statements for testing/debugging purpose. By default, SQL statements are not printed unless you change the default logging level to DEBUG in the application.propertiesfile:
- All Query created from method names with Containing keyword is affected by SQL Injection. DATAJPA-678 Query lookup in spring data with ' or '%' as part of the string being. DATAJPA-1534 Wildcard character needs to be escaped in Spring data JPA. Closed; Activity. Assignee: Jens Schauder Reporter: Maruthi Adithya G Last updater.
- We also use JPA over Hibernate, Spring Data, or Spring JDBC templates quite often. We do run into certain scenarios where you still want to verify if the incoming data string is SQL-Injection.
The Spring Framework supports integration with Hibernate, Java Persistence API (JPA), Java Data Objects (JDO) and iBATIS SQL Maps for resource management, data access object (DAO) implementations, and transaction strategies.
Then you can look for the SQL statements under the logging category org.hibernate.SQL like this:
However, seeing SQL statements this way is not convenient because you have to wade through a lot of unrelated information. And running Spring Boot applications with debug logging level is very slow as a huge amount of information is printed.
So the best way to see SQL statements generated by a Spring Boot application is setting a couple the following entries in the application.propertiesfile:
Spring Data Jpa Sql Injection Tool
Then you can see the SQL statements are nicely formatted like this:
And keep the logging level as default (INFO) or WARN so you can focus only on SQL statements.
Watch the following video to see how to show and format SQL in a Spring Boot project in action: