参考:scala - implicit value for slick.jdbc.SetParameter[List[Int]] - Stack Overflow
解决办法示例:
def myMethod(actions: List[Int]) = sql"""select something from my_table where action in #${actions.mkString("(", ",", ")")}""".as[MyType]
关键点:使用#$ 而非 $
Another danger is with the #$ style of subsঞtuঞon. This is called splicing, and is used when you don’t want SQL escaping to apply. For example, perhaps the name of the table you want to use may change:
val table = "room" // table: String = "room" val splicedAction = sql""" select "id" from "#$table" """.as[Long] // splicedAction: slick.sql.SqlStreamingAction[Vector[Long], Long, Effect] = slick.jdbc.SQLActionBuilder$$anon$1@26c72ad2
In this situaঞon we do not want the value of table to be treated as a String.
If we did, it’d be an invalid query: select "id" from "'message'" (noঞce the double quotes and single quotes around the table name, which is not valid
SQL).
This means you can produce unsafe SQL with splicing. The golden rule is to never use #$ with input supplied by users.