Java 如何使用PreparedStatement和不区分大小写的搜索
1.如何为familyname和givenname使用PrepareStatement?Java 如何使用PreparedStatement和不区分大小写的搜索,java,postgresql,prepared-statement,case-insensitive,Java,Postgresql,Prepared Statement,Case Insensitive,1.如何为familyname和givenname使用PrepareStatement? 2.另外,如何按familyname或givenname进行不区分大小写的搜索? String query ="SELECT agent.familyname, agent.givenname" + " FROM agent" + " WHERE agent.agentid = piececreation.agentid" +
2.另外,如何按familyname或givenname进行不区分大小写的搜索?
String query ="SELECT agent.familyname, agent.givenname" +
" FROM agent" +
" WHERE agent.agentid = piececreation.agentid" +
" AND (LOWER(familyname) = '"+agent_lastname+"' OR LOWER(givenname) = '"+agent_name+"') ORDER by familyname";
PreparedStatement pst = conn.prepareStatement(query, Statement.RETURN_GENERATED_KEYS);
pst.setString(1, agent_lastname);
pst.setString(2, agent_name);
// Executing the insert
pst.executeUpdate();
将familyName或givenName也改为小写,因为您已经在使用LOWER DB API
String query ="SELECT agent.familyname, agent.givenname" +
" FROM agent" +
" WHERE agent.agentid = piececreation.agentid" +
" AND (LOWER(familyname) = '"+agent_lastname.toLowerCase()+"' OR LOWER(givenname) = '"+agent_name.toLowerCase()+"') ORDER by familyname";
当您使用PreparedStatement
时,不要直接在SQL中追加值,如果这样做,您很容易将值参数化
String query =
"SELECT agent.familyname, agent.givenname"
+ " FROM agent"
+ " WHERE agent.agentid = ?"
+ " AND ("
+ " LOWER(familyname) = ? OR LOWER(givenname) = ?"
+ ") "
+ " ORDER by familyname";
pst.setInt(1, piececreation.agentid);
pst.setString(2, agent_lastname.toLowerCase());
pst.setString(3, agent_name.toLowerCase());
然后根据定义设置调用适当setXXX方法的值
您可以阅读教程您可以使用以下查询进行CaseSensive搜索
String query =
"SELECT agent.familyname, agent.givenname"
+ " FROM agent"
+ " WHERE agent.agentid = ?"
+ " AND ("
+ " familyname ilike ? OR givenname ilike ?"
+ ") "
+ " ORDER by familyname";
pst.setInt(1, piececreation.agentid);
pst.setString(2, agent_lastname.toLowerCase());
pst.setString(3, agent_name.toLowerCase());
很酷,谢谢你,伙计!但我听说“+name+”容易受到SQL注入的攻击。那么我在这里如何使用PreparedStatement呢?有什么想法吗?PreparedStatement pst=conn.prepareStatement(查询);setString(1,agent_lastname.toLowerCase());pst.setString(2,agent_name.toLowerCase());//执行insert pst.executeUpdate();System.out.println(“查询”+查询);//控制台消息语句st=conn.createStatement();//连接语句ResultSet rs=st.executeQuery(查询);//执行我们的查询您还需要从何处设置代理ideverything?假设我使用AND,如果piececreation.agentid是整数?您可以使用
ilike
进行varchar值的case-insensive搜索