模糊查询时用到prepareStatement在SQL语句里的问号如何写
日期:2014-05-17 浏览次数:20854 次
模糊查询时用到prepareStatement在SQL语句里的问号怎么写
我用了prepareStatement(sql)来防止SQL注入问题,出入的SQL语句参数全部用?代替的,但是我有用到模糊查询不知道模糊查询的SQL语句的参数怎么用?取代。
我是这么写的,但是查不到结果,那位高手可以指点一下啊,先谢了:
select * from book_info where book_name like '%?%' and book_type like'%?%' and book_author like '%?%' and book_publisher like '%?%'
------解决方案--------------------
要+连接字符串
select * from book_info where book_name like '%'+?+'%' and book_type like'%'+?+'%' and book_author like '%'+?+'%' and book_publisher like '%'+?+'%'
------解决方案--------------------
select * from book_info where book_name like '%"+?+"%' and book_type like'"%+?+"%' and book_author like '%"+?+"%' and book_publisher like '%"+?+"%'
上面这样写就OK了
记得要多结贴!
------解决方案--------------------
我用了prepareStatement(sql)来防止SQL注入问题,出入的SQL语句参数全部用?代替的,但是我有用到模糊查询不知道模糊查询的SQL语句的参数怎么用?取代。
我是这么写的,但是查不到结果,那位高手可以指点一下啊,先谢了:
select * from book_info where book_name like '%?%' and book_type like'%?%' and book_author like '%?%' and book_publisher like '%?%'
------解决方案--------------------
要+连接字符串
select * from book_info where book_name like '%'+?+'%' and book_type like'%'+?+'%' and book_author like '%'+?+'%' and book_publisher like '%'+?+'%'
------解决方案--------------------
select * from book_info where book_name like '%"+?+"%' and book_type like'"%+?+"%' and book_author like '%"+?+"%' and book_publisher like '%"+?+"%'
上面这样写就OK了
记得要多结贴!
------解决方案--------------------
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
