Java: specifying a variable name in the QUERY WHERE clause in JDBC

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/2608376/

Time: 2020-08-13 09:49:42  Source: igfitidea

Specifying a variable name in QUERY WHERE clause in JDBC

java mysql jdbc

Asked by Noona

Could someone please give me a link on how to create a query in JDBC that gets a variable name in the WHERE statement, or write an example? To be more specific, my code looks something like this:

    private String getLastModified(String url) {
        String lastModified = null;
        ResultSet resultSet;
        String query = "select LastModified from CacheTable where " +
            " URL.equals(url)";
        try {
            resultSet = sqlStatement.executeQuery(query);
        }

Now I need the syntax that enables me to return a ResultSet object where URL in the cacheTable equals url from the method's argument.

thanks

Accepted answer by Peter Lang

The easiest way would be

    String query = "select LastModified from CacheTable where url = '" + url + "'";

You should use bind variables though:

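    // Bind the value to the ? placeholder instead of concatenating it into the SQL text
    String query = "select LastModified from CacheTable where url = ?";
    PreparedStatement prepStmt = conn.prepareStatement(query);
    prepStmt.setString(1, url);
    ResultSet rs = prepStmt.executeQuery();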

Answer by CoolBeans

To take it one step further you should really use DBUtils from apache-commons or Spring JDBC framework. A lot of JDBC work is mundane and error prone due to the number of steps involved with it. Both links have working examples for you to get started.

These helper libraries will make your life much more comfortable :-).

Answer by BalusC

To clear a misconception: JDBC and SQL are two entirely different things. Databases only understand the SQL language. It's a (semi)standard which you can learn here. JDBC is just a Java API which enables you to execute SQL language using Java code. Nothing less, nothing more. JDBC is not a Java way of writing SQL language or so. It's just the messenger between Java code and the database. You can learn JDBC here.

That said, yes, the PreparedStatement is the way to go to set values in a SQL query. It not only eases setting fullworthy Java objects in a SQL string using the setXXX() methods, but it also saves you from SQL injection attacks.

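Added example (not part of the original question or answers): the asker's getLastModified written with a bound parameter and try-with-resources, next to the concatenated form from the accepted answer, so the difference is visible on a URL that contains an apostrophe. The class name CacheLookup, the sample URL, the Connection parameter and reading LastModified as a string are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class CacheLookup {

    // Concatenated form: the value of url becomes part of the SQL text itself.
    static String concatenatedQuery(String url) {
        return "select LastModified from CacheTable where url = '" + url + "'";
    }

    // Bound form: the SQL text is constant; the driver treats url as a value,
    // never as SQL syntax.
    static String getLastModified(Connection conn, String url) throws SQLException {
        String query = "select LastModified from CacheTable where url = ?";
        try (PreparedStatement prepStmt = conn.prepareStatement(query)) {
            prepStmt.setString(1, url);
            try (ResultSet rs = prepStmt.executeQuery()) {
                // Assumption: LastModified is readable as a string; null means no row.
                return rs.next() ? rs.getString("LastModified") : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String url = "http://example.com/o'reilly"; // constructed sample value

        // The apostrophe closes the string literal early, so the statement the
        // database parses is no longer the one the programmer wrote. This is
        // the same mechanism that SQL injection relies on.
        System.out.println(concatenatedQuery(url));

        // Optional: pass a JDBC URL (placeholder, supplied by you) to run the
        // bound query against a database that has a CacheTable.
        if (args.length > 0) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println(getLastModified(conn, url));
            }
        }
    }
}
```

Run without arguments, it only prints the concatenated statement; with a JDBC URL as the first argument, it also runs the bound lookup, which handles the apostrophe without any manual escaping.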