Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/fortran/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 如何使用PreparedStatement和不区分大小写的搜索_Java_Postgresql_Prepared Statement_Case Insensitive - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 如何使用PreparedStatement和不区分大小写的搜索

Java 如何使用PreparedStatement和不区分大小写的搜索

java postgresql

Java 如何使用PreparedStatement和不区分大小写的搜索,java,postgresql,prepared-statement,case-insensitive,Java,Postgresql,Prepared Statement,Case Insensitive,1.如何为familyname和givenname使用PrepareStatement? 2.另外,如何按familyname或givenname进行不区分大小写的搜索? String query ="SELECT agent.familyname, agent.givenname" + " FROM agent" + " WHERE agent.agentid = piececreation.agentid" +

1.如何为familyname和givenname使用PrepareStatement?
2.另外,如何按familyname或givenname进行不区分大小写的搜索?

String query ="SELECT agent.familyname, agent.givenname" +
                    " FROM agent" +
                    " WHERE agent.agentid = piececreation.agentid" +
                    " AND (LOWER(familyname) = '"+agent_lastname+"' OR LOWER(givenname) = '"+agent_name+"') ORDER by familyname";


            PreparedStatement pst = conn.prepareStatement(query, Statement.RETURN_GENERATED_KEYS);
            pst.setString(1, agent_lastname);
            pst.setString(2, agent_name);
            // Executing the insert
            pst.executeUpdate();
将familyName或givenName也改为小写,因为您已经在使用LOWER DB API

String query ="SELECT agent.familyname, agent.givenname" +
                        " FROM agent" +
                        " WHERE agent.agentid = piececreation.agentid" +
                        " AND (LOWER(familyname) = '"+agent_lastname.toLowerCase()+"' OR LOWER(givenname) = '"+agent_name.toLowerCase()+"') ORDER by familyname";
当您使用
PreparedStatement
时,不要直接在SQL中追加值,如果这样做,您很容易将值参数化

String query = 
                "SELECT agent.familyname, agent.givenname"
                + " FROM agent"
                + " WHERE agent.agentid = ?"
                + " AND (" 
                + " LOWER(familyname) = ? OR LOWER(givenname) = ?" 
                + ") " 
                + " ORDER by familyname";


        pst.setInt(1, piececreation.agentid);
        pst.setString(2, agent_lastname.toLowerCase());
        pst.setString(3, agent_name.toLowerCase());
然后根据定义设置调用适当setXXX方法的值

您可以阅读教程

您可以使用以下查询进行CaseSensive搜索

String query = 
                "SELECT agent.familyname, agent.givenname"
                + " FROM agent"
                + " WHERE agent.agentid = ?"
                + " AND (" 
                + " familyname ilike ? OR givenname ilike ?" 
                + ") " 
                + " ORDER by familyname";


        pst.setInt(1, piececreation.agentid);
        pst.setString(2, agent_lastname.toLowerCase());
        pst.setString(3, agent_name.toLowerCase());
很酷,谢谢你,伙计!但我听说“+name+”容易受到SQL注入的攻击。那么我在这里如何使用PreparedStatement呢?有什么想法吗?PreparedStatement pst=conn.prepareStatement(查询);setString(1,agent_lastname.toLowerCase());pst.setString(2,agent_name.toLowerCase());//执行insert pst.executeUpdate();System.out.println(“查询”+查询);//控制台消息语句st=conn.createStatement();//连接语句ResultSet rs=st.executeQuery(查询);//执行我们的查询您还需要从何处设置代理ideverything?假设我使用AND,如果piececreation.agentid是整数?您可以使用
ilike
进行varchar值的case-insensive搜索