- String query = "FROM PolicyEntity where policyName = '"+policyEntity.getPolicyName()+"' and scope ='"+policyEntity.getScope()+"'";
- List<Object> queryData = controller.getDataByQuery(query);
+ String query = "FROM PolicyEntity where policyName = :policyName and scope = :policyScope";
+ SimpleBindings params = new SimpleBindings();
+ params.put("policyName", policyEntity.getPolicyName());
+ params.put("policyScope", policyEntity.getScope());
+ List<Object> queryData = controller.getDataByQuery(query, params);