[英]How do I use SQL prepared statements in a Servlet?
如果我需要使用准备好的语句,我该怎么办?
Statement statement = conn.createStatement();
String sql ="SELECT * FROM polls WHERE pollname LIKE '%"+search+"%' or side1 LIKE '%"+search+"%' or side2 LIKE '%"+search+"%' ORDER BY totalvotes DESC";
ResultSet resultSet = statement.executeQuery(sql);
if(resultSet.next() == false){
使用PreparedStatement
,使用?
到参数占位符,然后使用setXXX
跨参数索引设置参数值(参数索引从 1 开始,而不是 0)。
代码下方:
PreparedStatement preparedStatement = conn.prepareStatement(
"SELECT * FROM polls WHERE pollname LIKE ? or side1 LIKE ? or side2 LIKE ? ORDER BY totalvotes DESC");
String searchWizard = "%" + search + "%";
preparedStatement.setString(1, searchWizard);
preparedStatement.setString(2, searchWizard);
preparedStatement.setString(3, searchWizard);
ResultSet resultSet = preparedStatement.executeQuery();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.