Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/373.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
java中的sql:WHERE name=variable_Java_Sql - Fatal编程技术网
Fatal编程技术网
  • java/
  • java中的sql:WHERE name=variable

java中的sql:WHERE name=variable

java sql

java中的sql:WHERE name=variable,java,sql,Java,Sql,这是我的代码: public static List GetList(String myname) { . . ResultSet result = stmt.executeQuery("SELECT * FROM authors WHERE name = ?"); result.setString(myname); } 我想选择其中name=myname(myname是函数的输入) 我也试过这样的方法: WHERE name = @myname 但是它不起作

这是我的代码:

public static List GetList(String myname) {
    .
    .
    ResultSet result = stmt.executeQuery("SELECT * FROM authors WHERE name = ?");
    result.setString(myname);
}
我想选择其中name=myname(myname是函数的输入)

我也试过这样的方法:

WHERE name = @myname
但是它不起作用://p>试试这个:

ResultSet result = stmt.executeQuery("SELECT * FROM authors WHERE name = " + myname);
好的,更好的方法是使用
PreparedStatement
,以避免
SQL注入
:-

PreparedStatement stmt = con.prepareStatement("SELECT * FROM authors WHERE name = ?");
stmt.setString(1, myname);
ResultSet res = stmt.executeQuery();
但是,为了解决您的问题,您可以使用字符串连接:-

stmt.executeQuery("SELECT * FROM authors WHERE name = '" + myname + "'");
您不在结果上设置值,而是在语句上设置值:

如果我没弄错的话,你最好在这里准备好陈述:

PreparedStatement stmt = conn.prepareStatement("SELECT * FROM authors WHERE name = ?");
stmt.setString(1, myname);
ResultSet result = stmt.executeQuery();
这不是好的做法
PreparedStatement
是推荐的方法。 
PreparedStatement stmt = conn.prepareStatement("SELECT * FROM authors WHERE name = ?");
stmt.setString(1, myname);
ResultSet result = stmt.executeQuery();