[英]SQL Query for a search function
我想用多個Java Swing組件做一個Search函數,用戶可以在其中搜索(名稱/國籍/專業/經驗),結果將顯示在Jtable中。
我只是在苦苦思索SQL查詢,好像用戶只鍵入了一個'name',沒有數據會被檢索,因為它會像這樣(name,null,null,null)進入數據庫,而且我沒有任何null我的數據庫中的值。
所以我想要檢索具有該名稱的所有數據而不管其他列,但同時,如果他們也選擇了特定的專業,我想要檢索具有所選名稱和專業的所有數據,依此類推。
我希望你理解我的問題。
我當前的SQL語句:
public ArrayList<Applications> getData(String name, String nationality, String specialty, String experience) {
ArrayList<Applications> list = new ArrayList<Applications>();
Connection con = getConnection();
Statement st;
ResultSet rows;
try {
st = con.createStatement();
rows = st.executeQuery("SELECT * FROM applications WHERE name LIKE '%" + name+"%'"
+ " AND (nationality LIKE '" + nationality+"')"
+ " AND (specialty LIKE '" + specialty+"')"
+ " AND (experience LIKE '" + experience+"')");
Applications applications;
while(rows.next()) {
applications = new Applications(
rows.getInt("id"),
rows.getString("name"),
rows.getString("nationality"),
rows.getString("Specialty"),
rows.getString("experience")
);
list.add(applications);
}
} catch (SQLException ex) {
Logger.getLogger(MyQuery.class.getName()).log(Level.SEVERE, null, ex);
}
return list;
}
讓我們看看你的查詢:
rows = st.executeQuery("SELECT * FROM applications WHERE name LIKE '%" + name+"%'"
+ " AND (nationality LIKE '" + nationality+"')"
+ " AND (specialty LIKE '" + specialty+"')"
+ " AND (experience LIKE '" + experience+"')");
這里,由於只給出了name
,其他值為null
。 如果您編寫此代碼用於測試目的:
String foo = null;
System.out.println(foo + "");
輸出將是
“空值”
因此,由於您的值為null
,因此生成的查詢將為
SELECT * FROM applications WHERE name LIKE '%Rowan Atkinson%'
AND (nationality LIKE 'null')
AND (specialty LIKE 'null')
AND (experience LIKE 'null')
首先,讓我們確保在null
情況下得到空String
:
rows = st.executeQuery("SELECT * FROM applications WHERE name LIKE '%" + ((name == null) ? "" : name)+"%'"
+ " AND (nationality LIKE '" + ((nationality == null) ? "" : nationality)+"')"
+ " AND (specialty LIKE '" + ((specialty == null) ? "" : specialty)+"')"
+ " AND (experience LIKE '" + ((experience == null) ? "" : experience)+"')");
接下來的問題是你只是在name
%
,這也是不正確的,所以讓我們解決這個問題:
rows = st.executeQuery("SELECT * FROM applications WHERE name LIKE '%" + ((name == null) ? "" : name)+"%'"
+ " AND (nationality LIKE '%" + ((nationality == null) ? "" : nationality)+"%')"
+ " AND (specialty LIKE '%" + ((specialty == null) ? "" : specialty)+"%')"
+ " AND (experience LIKE '%" + ((experience == null) ? "" : experience)+"%')");
現在閱讀YCF_L的答案,這樣您就可以使用PreparedStatement的命名參數。
下面的代碼可能會給你預期的結果。
StringBuilder sql=new StringBuilder("SELECT * FROM applications WHERE 1=1 ");
if(!name.isEmpty()){
sql.append(" AND name LIKE '%" + name+"%'");
}
if(!nationality.isEmpty()){
sql.append(" AND (nationality LIKE '" + nationality+"')");
}
if(!specialty.isEmpty()){
sql.append(" AND (specialty LIKE '" + specialty+"')");
}
if(!experience.isEmpty()){
sql.append(" AND (experience LIKE '" + experience+"')");
}
rows = st.executeQuery(sql.toString());
試試這個
在這種情況下,您有兩個解決方案:
我將給你一個關於第二個的例子,你可以使用NamedParameterStatement
它就像PrepapredStatement
來避免語法錯誤和SQL注入:
String query = "SELECT * FROM applications"
+ " WHERE (:name is null or name LIKE CONCAT('%', :name, '%')) "
+ " AND (:nationality is null or nationality LIKE :nationality)"
+ " AND (:specialty is null or specialty LIKE :specialty)"
+ " AND (:experience is null or experience LIKE :experience)";
NamedParameterStatement namedParametterStatement =
new NamedParameterStatement(connection, query);
namedParametterStatement.setString("name", name);
namedParametterStatement.setString("nationality", nationality);
namedParametterStatement.setString("specialty", specialty);
namedParametterStatement.setString("experience", experience);
注意這個例子:
(:nationality is null or nationality LIKE :nationality)
它將檢查nationality
是否為空或國籍如你傳遞的價值,這樣你就避免了空。
一些很好的參考:
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.