问题描述
一个很好的选择是使用准备好的语句:示例
sql= "INSERT INTO imt_database.Comment(error_id,user,content) VALUES (?,?,?);";
try{
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection(URL,"root","toor");
PreparedStatement ps = conn.prepareStatement(sql);
ps.setString(1, Error_id);
ps.setString(2, User);
ps.setString(3, Content);
ps.executeUpdate();
}catch(Exception e)
解决方法
我正在使用Java进行工作,并且具有以下方法:
public ResultSet getRecordsWithinBoundingBox(int spillFarLeftValue,int spillFarRightValue,int spillMostDownwardValue,int spillMostUpwardValue) {
ResultSet resultSet = null;
try {
Statement statement = dbConnection.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
String sql = "SELECT * FROM OTH WHERE (jl<=" + spillMostUpwardValue + " AND (ih>=" + spillFarLeftValue + " AND ih<="
+ spillFarRightValue+ ") OR (il<=" + spillFarRightValue + " AND il>=" + spillFarLeftValue + ")) OR (jh>="
+ spillMostDownwardValue + " AND (ih>=" + spillFarLeftValue + " AND ih<=" + spillFarRightValue + ") OR (il<="
+ spillFarRightValue + " AND il>=" + spillFarLeftValue + ")) OR (il<=" + spillFarLeftValue + " AND ih>="
+ spillFarRightValue + " AND (jl<=" + spillMostUpwardValue + " AND jl>=" + spillMostDownwardValue + ") OR (jh>="
+ spillMostDownwardValue + " AND jh>=" + spillMostUpwardValue + ")) OR (jl<=" + spillMostDownwardValue + " AND jh>="
+ spillMostUpwardValue + " AND (il>=" + spillFarLeftValue + " AND il<=" + spillFarRightValue + ") OR (ih<="
+ spillFarRightValue + " AND ih>=" + spillFarLeftValue + ")) OR (il<=" + spillFarLeftValue + " AND ih>="
+ spillFarRightValue + " AND jl<=" + spillMostDownwardValue + " AND jh>=" + spillMostUpwardValue + ")";
resultSet = statement.executeQuery(sql);
statement.close( );
resultSet.close( );
} catch (SQLException ex) {
Logger.getLogger(DatabaseInteractor.class.getName()).log(Level.SEVERE,null,ex);
}
return resultSet;
}
如您所见,我当前正在使用一个巨大的字符串从数据库中提取数据,并被告知这不是最佳解决方案。但是可悲的是我没有被告知应该怎么做。但是我觉得按照现在的方式组合一条SQL语句是冒险的,而且我想知道获得相同结果的其他方法。