JAVA方法,SQL语句模糊查询?

2024-11-17 14:22:29
推荐回答(5个)
回答(1):

这问题很眼熟
也可以这样:
String sql="select * from ARITCLE where type="+type+" and title like "++" and writer like "+writer+"";
改成
String sql="select * from ARITCLE where type="+type+" and title like '%"++"%' and writer like '%"+writer+"'%";
如果writer 这些参数是用户输入而且不经过处理的话
拼接字符串生成查询语句,会使SQL注入攻击变得相当容易

回答(2):

String tt="%"+title+"%"; String ww="%"+write+"%"; String sql="select * from ARITCLE where type="+type+" and title like ' "+tt+" 'and writer like ' "+ww+" ' ";如此而已

回答(3):

比如type传入2个值,writer传入一个值,写的时候同一个字段的先用or,用括号括起来,然后和其他条件用and。比如:select * from ARITCLE where (type like '%传入的type1%' or type like '%传入的type2%') and writer like '%传入的writer%'

回答(4):

String sql="select * from ARITCLE where type="+type+" and title like \'\%"+title+"\%\' and writer like \'\%"+writer+"\%\'"
楼上的思路是对的,但是Java中输出符号要用转义符 \ 的,应为在Java中 ' % 用自己的意思,所以要用 \' \% 来表示

回答(5):

="select * from ARITCLE where type=' "+type+" 'and title like ' "++" 'and writer like' "+writer+" ' ";还有你好像没有加%