Warning: file_get_contents(/data/phpspider/zhask/data//catemap/3/sql-server-2005/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 从特定sql语句获取true(1)或false(0)_Java_Mysql - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 从特定sql语句获取true(1)或false(0)

Java 从特定sql语句获取true(1)或false(0)

java mysql

Java 从特定sql语句获取true(1)或false(0),java,mysql,Java,Mysql,我需要以下代码的帮助,让它返回真值或假值。任何和所有的帮助都将不胜感激 public synchronized static boolean checkCompanyName(String companyName, Statement statement) { try { ResultSet res = statement .executeQuery("SELECT `companyName` FROM `comp

我需要以下代码的帮助,让它返回真值或假值。任何和所有的帮助都将不胜感激

    public synchronized static boolean checkCompanyName(String companyName,
        Statement statement) {
    try {

        ResultSet res = statement
                .executeQuery("SELECT `companyName` FROM `companys` WHERE companyName = '"
                        + companyName + "';");
        boolean containsCompany = res.next();

        res.close();

        return containsCompany;

    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }

}
请尝试按以下方式进行查询:

ResultSet res = statement.executeQuery("SELECT companyName FROM companys WHERE companyName = " + companyName);
或者你可以准备一份比之前更好的声明,两条评论:

您只需检查是否至少有一行符合您的条件,就可以使用 您的代码容易受到SQL注入攻击。请阅读以了解更多信息。 避免SQL注入攻击的最简单方法是使用。因此,让我用一块石头击打两只鸟,并用它们给你一个解决方案:

/*
Check if the company exists.
Parameters:
  conn    -  The connection to your database
  company - The name of the company
Returns:
  true if the company exists, false otherwise
*/
public static boolean checkCompanyName(Connection conn, String company) {
    boolean ans = false;
    try(PreparedStatement ps = conn.prepareStatement(
            "select companyName from companies where companyName = ?"
        ) // The question mark is a place holder
    ) {
        ps.setString(1, company); // You set the value for each place holder
                                  // using setXXX() methods
        try(ResultSet rs = ps.executeQuery()) {
            ans = rs.first();
        } catch(SQLException e) {
            // Handle the exception here
        }
    } catch(SQLException e) {
        // Handle the exception here
    }
    return ans;
}
建议案文如下:

应该使用PreparedStatement将连接传递到方法。此外,您应该从ResultSet中检索该值,并验证它是否与您的companyName匹配。差不多

static final String query = "SELECT `companyName` FROM "
    + "`companys` WHERE companyName = ?";

public synchronized static boolean checkCompanyName(String companyName,
        Connection conn) {
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
        ps = conn.prepareStatement(query);
        ps.setString(1, companyName);
        rs = ps.executeQuery();
        if (rs.next()) {
            String v = rs.getString(1);
            return v.equals(companyName);
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
            }
        }
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException e) {
            }
        }
    }
    return false;
}
那么到底是什么问题呢?你有错误吗?请提供更多信息和任何错误。另外,如果使用JDBC,请使用PreparedStatement,而不是您现在的操作方式:-警告:SQL注入有风险!*使用事先准备好的陈述;阅读下面我的答案。看看我做的字符串,它没有像你做的那样不必要的“比较它们”