[英]How do i use regexp with parameters on java-Mysql select query?
I want to select records from a database by many parameters我想通过许多参数从数据库中选择记录
I tried to combine columns with concat and use regex我尝试将列与 concat 结合起来并使用正则表达式
I can run this code but I want to use real parameters instead of 'NAME' and '1100'我可以运行此代码,但我想使用实际参数而不是“NAME”和“1100”
String sorgu =
"Select per.* "
+ "from per_kimlik_bilgileri per"
+ " where "
+ "concat"
+ "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' ,
pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
+ " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
+ "REGEXP 'NAME|1100' " ;
` `
I tried this way but it did not work我试过这种方式,但没有用
String sorgu =
"Select per.* "
+ "from per_kimlik_bilgileri per"
+ " where "
+ "concat"
+ "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' ,
pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
+ " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
+ "REGEXP '"+id+"' | '"+name+"' " ; `
Avoid using concatenation of parameters for your prepared statements.避免在准备好的语句中使用参数串联。 Rather prefer using placeholders by question marks, and substitutions by
preparedStatement.setString()
especially against injection更喜欢使用问号占位符,以及使用 prepareStatement.setString
preparedStatement.setString()
替换,尤其是针对注入
....
PreparedStatement stmt = null;
try {
String sorgu =
"Select per.* from per_kimlik_bilgileri per where concat(pkb_tc_no, '/' , pkb_ad
,'/' , pkb_soyad , '/' , pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'
, pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) REGEXP ?|? " ;
PreparedStatement preparedStatement = conn.prepareStatement(sorgu);
preparedStatement.setString(1, name);
preparedStatement.setString(2, val);
ResultSet rs = preparedStatement.executeQuery();
......
change last line to将最后一行更改为
+ "REGEXP '"+id+"|"+name+"' " ;
the '
makes syntax error. '
使语法错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.