PreparedStatement中的参数验证
[英]parameter validation in PreparedStatement
问题描述
I am working on a java app that utilizes PreparedStatement. 
我正在使用利用PreparedStatement的Java应用程序。
SELECT FIELD1, FIELD2 FROM MYTABLE WHERE (FIELD1='firstFieldValue' OR FIELD1='' or 'firstFieldValue'='');
firstFieldValue is a parameter. firstFieldValue是一个参数。 And it is necessary to check that its value is empty in SQL. 并且有必要检查其值在SQL中是否为空。
I created a prepared statement with the following parametrized SQL: 我使用以下参数化的SQL创建了一条准备好的语句:
SELECT FIELD1, FIELD2 FROM MYTABLE WHERE (FIELD1=? OR FIELD1='' or ?='');
and I set values as follows: 我将值设置如下:
preparedStatementInstance.setString(1, this.firstFieldValue);
preparedStatementInstance.setString(2, this.firstFieldValue);
This way does not work. 这种方式行不通。 Execution fails. 执行失败。
I think the prepared statement SQL is wrong. 我认为准备好的语句SQL是错误的。
How can I fix the SQL for prepared statement for this case? 在这种情况下,如何为准备好的语句修复SQL?
2 个解决方案
解决方案1
1 已采纳 2011-08-26 09:03:04
Just check it in java. 只需在Java中检查它即可。
if firstFieldValue.equals("")
then SELECT FIELD1, FIELD2 FROM MYTABLE
else
SELECT FIELD1, FIELD2 FROM MYTABLE WHERE (FIELD1=? OR FIELD1='');
preparedStatementInstance.setString(1, this.firstFieldValue);
解决方案2
0 2011-08-26 09:12:17
there is no 'i think it is wrong' in executing sql's, either it is correct and it executes the query or the sql is wrong and you get an sqlexception 在执行sql时没有“我认为这是错误的”,它是正确的并且它执行了查询,或者sql是错误的,并且您得到了sqlexception
If it fails you should provide the forum with the stacktrace so we dont have to mindread. 如果失败,则应向论坛提供stacktrace,因此我们不必介意。
what do you mean with 'empty'? “空”是什么意思? empty as a empty string or as null in the db 在数据库中为空字符串或为null
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.