堆栈内存溢出
  简体   繁体   English

我如何在 java-Mysql 选择查询上使用带有参数的正则表达式?

[英]How do i use regexp with parameters on java-Mysql select query?

 原文  2019-08-03 15:51:32       java/ mysql/ regex/ concat

问题描述

I want to select records from a database by many parameters我想通过许多参数从数据库中选择记录

I tried to combine columns with concat and use regex我尝试将列与 concat 结合起来并使用正则表达式

I can run this code but I want to use real parameters instead of 'NAME' and '1100'我可以运行此代码,但我想使用实际参数而不是“NAME”和“1100”

String sorgu = 
    "Select per.* "
    + "from per_kimlik_bilgileri per"
    + " where  "
    + "concat"
    + "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' , 
   pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
    + " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
    +  "REGEXP   'NAME|1100'  " ;

` `

I tried this way but it did not work我试过这种方式,但没有用

String sorgu = 
    "Select per.* "
    + "from per_kimlik_bilgileri per"
    + " where  "
    + "concat"
    + "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' , 
    pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
    + " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
    +   "REGEXP   '"+id+"' | '"+name+"'  " ;  `

2 个解决方案

解决方案1
 1 已采纳  2019-08-03 17:02:24

Avoid using concatenation of parameters for your prepared statements.避免在准备好的语句中使用参数串联。 Rather prefer using placeholders by question marks, and substitutions by preparedStatement.setString() especially against injection更喜欢使用问号占位符,以及使用 prepareStatement.setString preparedStatement.setString()替换,尤其是针对注入

....
PreparedStatement stmt = null;
try {
     String sorgu = 
    "Select per.* from per_kimlik_bilgileri per where  concat(pkb_tc_no, '/' , pkb_ad 
    ,'/' , pkb_soyad , '/' , pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'
    , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) REGEXP ?|?  " ; 

    PreparedStatement preparedStatement = conn.prepareStatement(sorgu);

    preparedStatement.setString(1, name);
    preparedStatement.setString(2, val);

    ResultSet rs = preparedStatement.executeQuery();
    ......

解决方案2
 0  2019-08-03 16:45:37

change last line to将最后一行更改为

+   "REGEXP   '"+id+"|"+name+"'  " ;

the ' makes syntax error. '使语法错误。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java-MySQL:如何创建存储过程 - Java-MySQL: How to create a Stored Procedure 如何在Java-mysql中验证用户名和密码? - How to verify username and password in Java-mysql? 未在java-mySQL中创建表 - Table is not created in java-mySQL Java-MySQL高负载应用程序崩溃 - Java-mysql highload application crash 登录表单错误+ JDBC CONNECTIVITY(JAVA-MYSQL) - a login form error + JDBC CONNECTIVITY(JAVA-MYSQL) 如何在Java程序中使用RegExp? - How I use RegExp in my Java program? 外键约束格式不正确-Java-mysql - Foreign key constraint is incorrectly formed - java-mysql Struts Java-mysql WSO2部署错误 - Struts java-mysql WSO2 deployment error 如果在MySql查询中如何使用此方法? - How do I use this if else in a MySql query? 在Java中,如何在方法参数中正确使用抽象类? - In Java, how do I properly use an abstract classes in method Parameters?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM