2014-07-09 13 views
0

Help please... how do I correct this code? How do I fix the search code that uses an inner join?

"SELECT Products.ProductID, Products.Name, Categories.CatName, " + 
     "Products.Description, Products.Price FROM Products INNER JOIN Categories ON " + 
     "Products.CatID = Categories.CatID ORDER BY Products.Price DESC WHERE " + column + " LIKE '%" + keyword + "%'"; 
     // as posted: ORDER BY comes before WHERE (invalid SQL), and column/keyword are spliced into the query text
+0

Shouldn't the opening quote (i.e. the double quote) be at the start of 'SELECT'? – Edper

+0

SQL – captainsac

+0

There should be single quotes; SQL injection – 3dd

Answers

0

The WHERE clause should come before ORDER BY.

"SELECT Products.ProductID, Products.Name, Categories.CatName, " + 
"Products.Description, Products.Price FROM Products INNER JOIN Categories ON " + 
"Products.CatID = Categories.CatID " + 
"WHERE " + column + " LIKE '%" + keyword + "%' " +   // WHERE first (note the trailing space before ORDER BY)
"ORDER BY Products.Price DESC";                      // ORDER BY last; no ';' after the WHERE string, or it is never appended

And as the other comments say, you should consider using SqlParameters to avoid SQL injection.

0

Do you want code that prevents SQL injection?

As follows:

"SELECT Products.ProductID, Products.Name, Categories.CatName, " + 
"Products.Description, Products.Price FROM Products INNER JOIN Categories ON " + 
"Products.CatID = Categories.CatID WHERE " + column +   // column cannot be a parameter: check it against a fixed list of allowed names
" LIKE CONCAT('%', @keyword, '%') " +                    // keyword is bound as the @keyword parameter, never concatenated into the text
"ORDER BY Products.Price DESC";