模糊查询时用到prepareStatement在SQL语句里的问号如何写
模糊查询时用到prepareStatement在SQL语句里的问号怎么写
我用了prepareStatement(sql)来防止SQL注入问题,出入的SQL语句参数全部用?代替的,但是我有用到模糊查询不知道模糊查询的SQL语句的参数怎么用?取代。
我是这么写的,但是查不到结果,那位高手可以指点一下啊,先谢了:
select * from book_info where book_name like '%?%' and book_type like'%?%' and book_author like '%?%' and book_publisher like '%?%'
------解决方案--------------------
要+连接字符串
select * from book_info where book_name like '%'+?+'%' and book_type like'%'+?+'%' and book_author like '%'+?+'%' and book_publisher like '%'+?+'%'
------解决方案--------------------
select * from book_info where book_name like '%"+?+"%' and book_type like'"%+?+"%' and book_author like '%"+?+"%' and book_publisher like '%"+?+"%'
上面这样写就OK了
记得要多结贴!
------解决方案--------------------
我用了prepareStatement(sql)来防止SQL注入问题,出入的SQL语句参数全部用?代替的,但是我有用到模糊查询不知道模糊查询的SQL语句的参数怎么用?取代。
我是这么写的,但是查不到结果,那位高手可以指点一下啊,先谢了:
select * from book_info where book_name like '%?%' and book_type like'%?%' and book_author like '%?%' and book_publisher like '%?%'
------解决方案--------------------
要+连接字符串
select * from book_info where book_name like '%'+?+'%' and book_type like'%'+?+'%' and book_author like '%'+?+'%' and book_publisher like '%'+?+'%'
------解决方案--------------------
select * from book_info where book_name like '%"+?+"%' and book_type like'"%+?+"%' and book_author like '%"+?+"%' and book_publisher like '%"+?+"%'
上面这样写就OK了
记得要多结贴!
------解决方案--------------------