Design pattern for building database query
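Today I was doing a self-review of my code, and the code does not look good to me (although it works as expected). So I want a better way of doing it. The situation is as follows:
get me all the staff whose name contains A and who has designation Teacher
So for this kind of query I have a lot of if statements that build a string query, but this looks ugly to me. Is there any way to achieve this using PreparedStatement? The ugly code is shown below: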
    private String getSearchQuery(Staff staffEntity) {
        boolean hasAnySearchParam = false;
        String query = null;
        StringBuilder querybuilder = new StringBuilder("select * from " + DBConstants.StaffBasicInfo.tableName + " left outer join " + DBConstants.StaffAdvInfo.tableName + " on "
                + DBConstants.StaffBasicInfo.staffId + " = " + DBConstants.StaffAdvInfo.staff_adv_info_staffId + " where");
        // Each non-empty field appends one filter followed by a trailing " and".
        if (staffEntity.getName() != null && (!staffEntity.getName().isEmpty())) {
            querybuilder.append(" " + DBConstants.StaffBasicInfo.staffname + " Like '%" + staffEntity.getName() + "%'");
            querybuilder.append(" and");
            hasAnySearchParam = true;
        }
        if (staffEntity.getDesignation() != null && (!staffEntity.getDesignation().isEmpty())) {
            querybuilder.append(" " + DBConstants.StaffBasicInfo.designation + " Like '%" + staffEntity.getDesignation() + "%'");
            querybuilder.append(" and");
            hasAnySearchParam = true;
        }
        if (staffEntity.getAge() != null) {
            querybuilder.append(" " + DBConstants.StaffBasicInfo.age + " = " + staffEntity.getAge());
            querybuilder.append(" and");
            hasAnySearchParam = true;
        }
        if (staffEntity.getUsername() != null && (!staffEntity.getUsername().isEmpty())) {
            querybuilder.append(" " + DBConstants.StaffAdvInfo.username + " Like '%" + staffEntity.getUsername() + "%'");
            querybuilder.append(" and");
            hasAnySearchParam = true;
        }
        if (staffEntity.getRole() != null && (!staffEntity.getRole().isEmpty())) {
            querybuilder.append(" " + DBConstants.StaffAdvInfo.role + " Like '%" + staffEntity.getRole() + "%'");
            querybuilder.append(" and");
            hasAnySearchParam = true;
        }
        if (false == hasAnySearchParam) {
            throw new IllegalArgumentException("Check Json: No parameter to search");
        } else {
            // need to clean query: drop the trailing "and".
            query = querybuilder.substring(0, querybuilder.length() - 3);
        }
        return query;
    }
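Note: For now I am more concerned with code clarity, simplicity and ease of use; I will think about performance later.
For this particular case I would use a static query with parameters, where the parameters are set from Java: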
    WHERE
    ...
    and (:staffnameParam is null or staffname like concat('%',:staffnameParam,'%'))
    and (:userNameParam is null or username like concat('%',:userNameParam,'%'))
    ...
Then just pass the parameters userNameParam, userNameParam, and so on. If they are null or empty, pass null.
Your approach leaves the possibility of SQL injection.
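The question's optional filters rebuilt with bind parameters, as an added example that is not code from the original question or answer: the WHERE clause is assembled only from fixed fragments containing `?`, and the values are bound through PreparedStatement. The class name StaffSearchQuery and the table and column names are hypothetical stand-ins for the DBConstants values, which the page does not show.

```java
import java.sql.*;
import java.util.*;

public class StaffSearchQuery {
    // Hypothetical table/column names standing in for the page's DBConstants values.
    private static final String BASE = "select * from staff_basic_info b"
            + " left outer join staff_adv_info a on b.staff_id = a.staff_id";
    private final List<String> clauses = new ArrayList<>();
    private final List<Object> params = new ArrayList<>();

    // Column names must be constants from the calling code; only values are bound.
    public StaffSearchQuery contains(String column, String value) {
        if (value != null && !value.isEmpty()) {
            clauses.add(column + " like ? escape '!'");
            // Escape LIKE metacharacters so a user-supplied % or _ matches literally.
            params.add("%" + value.replaceAll("([!%_])", "!$1") + "%");
        }
        return this;
    }
    public StaffSearchQuery equalTo(String column, Object value) {
        if (value != null) {
            clauses.add(column + " = ?");
            params.add(value);
        }
        return this;
    }
    public String sql() {
        if (clauses.isEmpty()) {
            throw new IllegalArgumentException("Check Json: No parameter to search");
        }
        return BASE + " where " + String.join(" and ", clauses);
    }
    public PreparedStatement prepare(Connection con) throws SQLException {
        PreparedStatement ps = con.prepareStatement(sql());
        for (int i = 0; i < params.size(); i++) {
            ps.setObject(i + 1, params.get(i)); // JDBC parameter indexes start at 1
        }
        return ps;
    }
    public static void main(String[] args) {
        // Constructed input: a name with a quote character and an unset age filter.
        StaffSearchQuery q = new StaffSearchQuery()
                .contains("b.staff_name", "O'Brien")
                .contains("b.designation", "Teacher")
                .equalTo("b.age", null);
        System.out.println(q.sql());    // SQL text contains only ? placeholders
        System.out.println(q.params);   // values travel separately from the SQL text
    }
}
```

Running main needs no database; prepare(Connection) is the call to use against a real JDBC connection.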