这是查询Java的选择查询字符串参数
String query =
"SELECT idPlayers
FROM pendu.players
WHERE first= 'Super'AND last='Man' AND pass=12345";
我想改变(第一=“超级”)到第一= tboxFirst.getText()等
谢谢你帮我
弗兰克
这是查询Java的选择查询字符串参数
String query =
"SELECT idPlayers
FROM pendu.players
WHERE first= 'Super'AND last='Man' AND pass=12345";
我想改变(第一=“超级”)到第一= tboxFirst.getText()等
谢谢你帮我
弗兰克
如果你使用一个字符串你可以创建这样有什么意义的字符串:
String query = "SELECT idPlayers FROM pendu.players WHERE first= '" + tboxFirst.getText() + "'AND last='Man' AND pass=12345";
您还应该看看PreparedStatement
,因为这是一个更好的解决方案。
String query =“SELECT idPlayers FROM pendu.players WHERE first =('”+ tboxFirst.getText()+“')AND pass = 12345”;
PreparedStatement pstmt = con.prepareStatement(
"SELECT idPlayers FROM pendu.players WHERE
first= ? AND last= ? AND pass=?");
pstmt.setString(1, tboxFirst.getText());
pstmt.setString(2, ....);
....
您可以使用
String query = "SELECT idPlayers FROM pendu.players WHERE first='"+tboxFirst.getText()+"'AND last='Man' AND pass=12345";
或
String query = String.format(SELECT idPlayers FROM pendu.players WHERE first='%s'AND last='Man' AND pass=12345", tboxFirst.getText());
如果你正在使用JDBC,你可以使用PreparedStatement的
PreparedStatement pstmt = con.prepareStatement("SELECT idPlayers FROM pendu.players WHERE first=? AND last=? AND pass=?");
pstmt.setString(1, "Super");
pstmt.setString(2, "Man");
pstmt.setString(3, "12345");
采取twain的建议准备好的陈述。这只是尖叫SQL注入。 – 2012-04-16 00:29:13
是啊 - 如果有人进入**'foo',你会发生什么;从pendu.players中删除; **到文本框中? – Bohemian 2012-04-16 00:31:26