Binding value in orderby not working with NamedParameterJdbcTemplate

Question

SELECT * FROM `student` ORDER BY :sortName :sortDir Limit :limitFrom,:limitCount;

Code java:

    Map<String, Object> paramMap = new HashMap<String, Object>();
    paramMap.put("sortName", "%" + sortName + "%");
            paramMap.put("sortDir", sortDir);
            paramMap.put("limitFrom", pageIndex * pageSize);
            paramMap.put("limitCount", pageSize);
    List<Student> list = (List<Student>) super.getNamedParameterJdbcTemplate().query(sqlSearch, paramMap, new StudentMapper());

protected NamedParameterJdbcTemplate getNamedParameterJdbcTemplate() {
        return namedParameterJdbcTemplate;
    }

input is (pageIndex, pageSize, sortName, sortDir) = (2,2,"id", "desc") real output: 8 9 10 11 (with id) expectation: 11 10 9 8

Answer 1

Placeholders like ? and :param can only be used for parameter values not for column names, sorting and pagination purposes. For those requirements you should safely concatenate strings together.