I want to select records from a database by many parameters.
I tried to combine columns with concat and use regex.
I can run this code, but I want to use real parameters instead of 'NAME' and '1100':
String sorgu =
"Select per.* "
+ "from per_kimlik_bilgileri per"
+ " where "
+ "concat"
+ "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' , "
+ "pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
+ " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
+ "REGEXP 'NAME|1100' " ;
I tried it this way, but it did not work:
String sorgu =
"Select per.* "
+ "from per_kimlik_bilgileri per"
+ " where "
+ "concat"
+ "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' , "
+ "pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
+ " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
+ "REGEXP '"+id+"' | '"+name+"' " ;
Avoid concatenating parameters into your prepared statements. Instead, prefer placeholders (question marks) and substitution with preparedStatement.setString(), especially to protect against injection:
....
PreparedStatement stmt = null;
try {
String sorgu =
"Select per.* from per_kimlik_bilgileri per where concat(pkb_tc_no, '/' , pkb_ad "
+ ", '/' , pkb_soyad , '/' , pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/' "
+ ", pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
// Build the alternation inside SQL: a bare ?|? is parsed as a bitwise OR of the two values
+ "REGEXP concat(?, '|', ?) " ;
PreparedStatement preparedStatement = conn.prepareStatement(sorgu);
preparedStatement.setString(1, name);
preparedStatement.setString(2, val);
ResultSet rs = preparedStatement.executeQuery();
......
Change the last line to
+ "REGEXP '"+id+"|"+name+"' " ;
The ' makes a syntax error.
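The prepared-statement advice above, taken one step further in an added example (not code from the original posts): binding stops SQL injection, but the database still interprets the bound string as a regular expression, so each value is escaped and the joined pattern is bound as a single parameter. It assumes MySQL, where a backslash-escaped metacharacter matches literally; the class `PersonSearch` and the helpers `buildPattern` and `countMatches` are hypothetical names.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class PersonSearch {
    // Table and column names are the ones used in the question.
    private static final String SQL =
        "SELECT per.* FROM per_kimlik_bilgileri per WHERE CONCAT("
        + "pkb_tc_no, '/', pkb_ad, '/', pkb_soyad, '/', pkb_sicil_no, '/', "
        + "pkb_gorev_yeri, '/', pkb_unvan_k, '/', pkb_gorev_k, '/', "
        + "pkb_istihdam_tipi, '/', pkb_gor_drm) REGEXP ?";

    // Builds "term1|term2" with regex metacharacters backslash-escaped, so
    // each term matches only as literal text. Blank terms are dropped: an
    // empty alternative (as in "NAME|") would match every row.
    static String buildPattern(String... terms) {
        List<String> parts = new ArrayList<>();
        for (String term : terms) {
            if (term == null || term.trim().isEmpty()) continue;
            StringBuilder sb = new StringBuilder();
            for (char c : term.trim().toCharArray()) {
                if ("\\.[]{}()*+?^$|".indexOf(c) >= 0) sb.append('\\');
                sb.append(c);
            }
            parts.add(sb.toString());
        }
        if (parts.isEmpty()) throw new IllegalArgumentException("no search terms");
        return String.join("|", parts);
    }

    // Hypothetical helper: the whole pattern travels as one bound parameter.
    static int countMatches(Connection conn, String... terms) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, buildPattern(terms));
            try (ResultSet rs = ps.executeQuery()) {
                int n = 0;
                while (rs.next()) n++;
                return n;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: plain values, a quote-bearing value, and a
        // value containing regex metacharacters next to a blank term.
        System.out.println(buildPattern("1100", "NAME"));
        System.out.println(buildPattern("1100", "x' OR '1'='1"));
        System.out.println(buildPattern("", "a.b|c"));
    }
}
```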