- String query = "FROM PolicyEntity where policyName = '"+split[1]+"' and scope ='"+split[0]+"'";
- List<Object> queryData = controller.getDataByQuery(query);
+ String query = "FROM PolicyEntity where policyName = :split_1 and scope = :split_0";
+ SimpleBindings policyParams = new SimpleBindings();
+ policyParams.put("split_1", split[1]);
+ policyParams.put("split_0", split[0]);
+ List<Object> queryData = controller.getDataByQuery(query, policyParams);