I have an application that uses EntityManager.createNativeQuery. Our quality gate (Sonar) is not so happy about it and shows me a critical error due to the risk of SQL injection. Is there a “safe” way to create a dynamic SQL query in Java?
My current code is below:
return entityManager.createNativeQuery(stringBuilder.toString(), MyClass.class).getResultList();
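
One way to build such a query safely, as an added example that is not part of the original post: values are bound through positional parameters, and identifiers (which cannot be bound) are checked against a fixed allow-list. The table name, column names and the `SafeDynamicQuery` class are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Added example: the SQL text only ever contains allow-listed identifiers and
// positional placeholders (?1, ?2, ...); user-supplied values travel separately.
public class SafeDynamicQuery {
    // Hypothetical table and columns. Identifiers cannot be bound as
    // parameters, so they are validated against fixed sets instead.
    private static final String BASE = "SELECT * FROM my_table";
    private static final Set<String> FILTERABLE = Set.of("name", "status", "owner_id");
    private static final Set<String> SORTABLE = Set.of("name", "created_at");

    final StringBuilder sql = new StringBuilder(BASE);
    final List<Object> params = new ArrayList<>();

    SafeDynamicQuery filter(String column, Object value) {
        if (!FILTERABLE.contains(column))
            throw new IllegalArgumentException("column not allowed: " + column);
        params.add(value); // the value never becomes part of the SQL text
        sql.append(params.size() == 1 ? " WHERE " : " AND ")
           .append(column).append(" = ?").append(params.size());
        return this;
    }

    SafeDynamicQuery orderBy(String column, boolean ascending) {
        if (!SORTABLE.contains(column))
            throw new IllegalArgumentException("sort column not allowed: " + column);
        sql.append(" ORDER BY ").append(column).append(ascending ? " ASC" : " DESC");
        return this;
    }

    public static void main(String[] args) {
        SafeDynamicQuery q = new SafeDynamicQuery()
                .filter("name", "x' OR '1'='1") // constructed hostile value
                .filter("status", "ACTIVE")
                .orderBy("created_at", false);
        System.out.println(q.sql);    // placeholders only, no user data
        System.out.println(q.params); // values to bind, in order
        // Binding with JPA (positional parameters are 1-based):
        //   Query query = entityManager.createNativeQuery(q.sql.toString(), MyClass.class);
        //   for (int i = 0; i < q.params.size(); i++) query.setParameter(i + 1, q.params.get(i));
        //   return query.getResultList();
        try {
            new SafeDynamicQuery().filter("name = 'a' OR 1=1 --", "x"); // constructed
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```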