Java 从特定sql语句获取true(1)或false(0)
我需要以下代码的帮助,让它返回真值或假值。任何和所有的帮助都将不胜感激Java 从特定sql语句获取true(1)或false(0),java,mysql,Java,Mysql,我需要以下代码的帮助,让它返回真值或假值。任何和所有的帮助都将不胜感激 public synchronized static boolean checkCompanyName(String companyName, Statement statement) { try { ResultSet res = statement .executeQuery("SELECT `companyName` FROM `comp
public synchronized static boolean checkCompanyName(String companyName,
Statement statement) {
try {
ResultSet res = statement
.executeQuery("SELECT `companyName` FROM `companys` WHERE companyName = '"
+ companyName + "';");
boolean containsCompany = res.next();
res.close();
return containsCompany;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
请尝试按以下方式进行查询:
ResultSet res = statement.executeQuery("SELECT companyName FROM companys WHERE companyName = " + companyName);
或者你可以准备一份比之前更好的声明,两条评论:
您只需检查是否至少有一行符合您的条件,就可以使用
您的代码容易受到SQL注入攻击。请阅读以了解更多信息。
避免SQL注入攻击的最简单方法是使用。因此,让我用一块石头击打两只鸟,并用它们给你一个解决方案:
/*
Check if the company exists.
Parameters:
conn - The connection to your database
company - The name of the company
Returns:
true if the company exists, false otherwise
*/
public static boolean checkCompanyName(Connection conn, String company) {
boolean ans = false;
try(PreparedStatement ps = conn.prepareStatement(
"select companyName from companies where companyName = ?"
) // The question mark is a place holder
) {
ps.setString(1, company); // You set the value for each place holder
// using setXXX() methods
try(ResultSet rs = ps.executeQuery()) {
ans = rs.first();
} catch(SQLException e) {
// Handle the exception here
}
} catch(SQLException e) {
// Handle the exception here
}
return ans;
}
建议案文如下:
应该使用PreparedStatement将连接传递到方法。此外,您应该从ResultSet中检索该值,并验证它是否与您的companyName匹配。差不多
static final String query = "SELECT `companyName` FROM "
+ "`companys` WHERE companyName = ?";
public synchronized static boolean checkCompanyName(String companyName,
Connection conn) {
PreparedStatement ps = null;
ResultSet rs = null;
try {
ps = conn.prepareStatement(query);
ps.setString(1, companyName);
rs = ps.executeQuery();
if (rs.next()) {
String v = rs.getString(1);
return v.equals(companyName);
}
} catch (Exception e) {
e.printStackTrace();
} finally {
if (rs != null) {
try {
rs.close();
} catch (SQLException e) {
}
}
if (ps != null) {
try {
ps.close();
} catch (SQLException e) {
}
}
}
return false;
}
那么到底是什么问题呢?你有错误吗?请提供更多信息和任何错误。另外,如果使用JDBC,请使用PreparedStatement,而不是您现在的操作方式:-警告:SQL注入有风险!*使用事先准备好的陈述;阅读下面我的答案。看看我做的字符串,它没有像你做的那样不必要的“比较它们”