从Java中的字符串中删除特定字符
[英]Remove specific characters from a String in java
问题描述
I have the following query: 
我有以下查询:
select *from activo where id_oficina in(22,23) and id categoría = 'in(1,2)'
How can I remove the "=" character and the single quotes? 如何删除“ =”字符和单引号?
I'm working with kendo Ui and I did not know what can be removed manually. 我正在与kendo Ui合作,我不知道可以手动删除哪些内容。
2 个解决方案
解决方案1
1 2016-01-26 01:51:44
Know nothing of Kendo, but it appears that you're trying to enter 'in(1,2)' in a field and then have that substituted into the query statement, instead of just entering a single value. 对Kendo一无所知,但您似乎正在尝试在字段中输入“ in(1,2)”,然后将其替换为查询语句,而不仅仅是输入单个值。
First off, should be using JDBC bind variables, somehow, any SQL statement created by doing string concatenation is ripe with security holes. 首先,应该使用JDBC绑定变量,以某种方式,通过进行字符串连接创建的任何SQL语句都已经存在安全漏洞。 https://www.owasp.org/index.php/Top_10_2013-A1-Injection https://www.owasp.org/index.php/Top_10_2013-A1-Injection
Second, you can't bind values for an IN the same way as a single value. 其次,您不能以与单个值相同的方式绑定IN的值。 Now, you could always have an IN clause and sometimes you'll bind just a single value. 现在,您始终可以拥有一个IN子句,有时您将仅绑定一个值。 This has been addressed before: How do I bind an ArrayList to a PreparedStatement in Oracle? 之前已经解决了此问题: 如何在Oracle中将ArrayList绑定到PreparedStatement?
解决方案2
0 已采纳 2016-01-26 02:07:44
The replaceAll suggested by @Andy Turner works: @Andy Turner建议的replaceAll可以工作:
String string = "select *from activo where id_oficina in(22,23) and id categoría = 'in(1,2)'";
string = string.replaceAll("[=']", "");
System.out.println(string);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.