JDBC: using a PreparedStatement in a complex query

I am trying to use a PreparedStatement to handle a query. The problem is that I have several if-else statements that change the query depending on user input. Here is my code:
if (!star_firstName.isEmpty() || !star_lastName.isEmpty()) {
    baseQuery = "select m.id, title, year, director, banner_url, trailer_url from movies m, stars s, stars_in_movies sim WHERE m.id=sim.movie_id AND s.id=sim.star_id";
}
// each optional filter is concatenated straight into the SQL text
if (!searchtext.isEmpty())
    baseQuery = baseQuery + " AND upper(title) like '%" + searchtext.toUpperCase() + "%'";
if (!movie_year.isEmpty())
    baseQuery = baseQuery + " AND year=" + movie_year;
if (!movie_director.isEmpty())
    baseQuery = baseQuery + " AND upper(director) like '%" + movie_director.toUpperCase() + "%'";
if (!star_firstName.isEmpty())
    baseQuery = baseQuery + " AND upper(first_name) like '%" + star_firstName.toUpperCase() + "%'";
if (!star_lastName.isEmpty())
    baseQuery = baseQuery + " AND upper(last_name) like '%" + star_lastName.toUpperCase() + "%'";
// a title or genre search replaces whatever was built above
if (!title1.isEmpty()) {
    baseQuery = "SELECT m.id, title, year, director, banner_url, trailer_url FROM movies m where m.title like '" + title1 + "%" + "'";
}
if (!genre.isEmpty()) {
    baseQuery = "SELECT m.id, title, year, director, banner_url, trailer_url FROM movies m, genres g, genres_in_movies gim where g.id=gim.genre_id and m.id = gim.movie_id and g.name='" + genre + "'";
}
System.out.println(baseQuery);
ResultSet resultSet = statement.executeQuery(baseQuery);
In this case a PreparedStatement won't help you. A PreparedStatement only helps performance when the query stays the same and only the constants change. The other use of a PreparedStatement is to avoid the danger of SQL injection. If that is what you are after, you could proceed like this (untested):
java.util.Vector params = new Vector();
StringBuffer baseQuery = new StringBuffer("select ...");
...
if (!dweebnoid.isEmpty()) {
    baseQuery.append(" and upper(dweebnoid) like ?");   // placeholder in the SQL
    params.add("%" + dweebnoid + "%");                   // the value goes into the list
}
...
java.sql.PreparedStatement pstmt =
    conn.prepareStatement(baseQuery.toString());
for (int i = 0; i < params.size(); i++)
    pstmt.setString(i + 1, (String) params.get(i));     // bind the collected values in order

What is your question?

Oh, sorry, I forgot to state my main question. The code snippet works, but I want to optimize performance by using a PreparedStatement. My question is: how do I get the same result with a PreparedStatement?

Thanks, but it would be great if you could show me how to write this code with a PreparedStatement. I want to avoid SQ

I have also added an example (assuming all parameters are strings; adjust the code as needed).
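As an added example (not the answer's or the questioner's code), here is the question's movie search rebuilt the way the answer describes: the SQL text only ever contains `?` placeholders, and the user-supplied values are collected in a list and bound afterwards. The table and column names come from the question; the class name `MovieSearch`, the method `buildSearch` and the parameter names are assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class MovieSearch {
    // Builds the movie search from the same optional inputs as the question,
    // but with '?' placeholders: the user-supplied values are bound separately
    // and never become part of the SQL text.
    static PreparedStatement buildSearch(Connection conn, String searchText, String movieYear,
                                         String movieDirector, String starFirstName,
                                         String starLastName) throws SQLException {
        List<Object> params = new ArrayList<>();
        StringBuilder sql = new StringBuilder(
            "SELECT m.id, m.title, m.year, m.director, m.banner_url, m.trailer_url FROM movies m");
        if (!starFirstName.isEmpty() || !starLastName.isEmpty()) {
            sql.append(" JOIN stars_in_movies sim ON m.id = sim.movie_id")
               .append(" JOIN stars s ON s.id = sim.star_id");
        }
        sql.append(" WHERE 1=1"); // so every optional filter can start with AND
        if (!searchText.isEmpty()) {
            sql.append(" AND upper(m.title) LIKE ?");
            params.add("%" + searchText.toUpperCase() + "%"); // wildcards live in the value, not the SQL
        }
        if (!movieYear.isEmpty()) {
            sql.append(" AND m.year = ?");
            params.add(Integer.valueOf(movieYear)); // non-numeric input fails here, before any SQL runs
        }
        if (!movieDirector.isEmpty()) {
            sql.append(" AND upper(m.director) LIKE ?");
            params.add("%" + movieDirector.toUpperCase() + "%");
        }
        if (!starFirstName.isEmpty()) {
            sql.append(" AND upper(s.first_name) LIKE ?");
            params.add("%" + starFirstName.toUpperCase() + "%");
        }
        if (!starLastName.isEmpty()) {
            sql.append(" AND upper(s.last_name) LIKE ?");
            params.add("%" + starLastName.toUpperCase() + "%");
        }
        PreparedStatement pstmt = conn.prepareStatement(sql.toString());
        for (int i = 0; i < params.size(); i++) {
            pstmt.setObject(i + 1, params.get(i)); // JDBC placeholder indexes are 1-based
        }
        return pstmt;
    }
}
```

The caller runs `pstmt.executeQuery()` as before; note that a `%` or `_` typed by the user still acts as a LIKE wildcard inside the bound value, which can widen the match but cannot change the statement itself.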