发表新帖
发表新帖

SQL select statement with where clause

前端 未结
关注
6 1292
醉话见心
醉话见心 2020-12-30 16:39

how would i write this sql statement without a hard coded value?

resultSet = statement
    .executeQuery(\"select * from myDatabase.myTable where name = \'jo
相关标签:
6条回答
  • 无人共我
    2020-12-30 17:17

    You are missing the single quotes around your string, your code corrected:

    String name = "john";
String sql = "select * from myDatabase.myTable where name = '" + name + "'";
// Examine the text of the query in the debugger, log it or print it out using System.out.println
resultSet = statement.executeQuery(sql);

    Print out / log text of the query before executing the query to see if it looks OK.

    If you are going to do a lot of similar queries where only the constant changes, consider using prepared statements

    0 讨论(0)
  • 执念已碎
    2020-12-30 17:21

    Put quotes around your name value since it's a string.

    "select * from myDatabase.myTable where name ='" + name + "'"
    0 讨论(0)
  • 深忆病人
    2020-12-30 17:25

    It is a terrible idea to construct SQL queries the way you currently do, as it opens the door to all sorts of SQL injection attacks. To do this properly, you'll have to use Prepared Statements instead. This will also resolve all sorts of escaping issues that you're evidently having at the moment.

    PreparedStatement statement = connection.prepareStatement("select * from myDatabase.myTable where name = ?");    
statement.setString(1, name);    
ResultSet resultSet = statement.executeQuery();

    Note that prepareStatement() is an expensive call (unless your application server uses statement caching and other similar facilities). Theoretically, it'd be best if you prepare the statement once, and then reuse it multiple times (though not concurrently):

    String[] names = new String[] {"Isaac", "Hello"};
PreparedStatement statement = connection.prepareStatement("select * from myDatabase.myTable where name = ?");

for (String name: names) {
    statement.setString(1, name);    
    ResultSet resultSet = statement.executeQuery();
    ...
    ...
    statement.clearParameters();
}
    0 讨论(0)
  • 没有蜡笔的小新
    2020-12-30 17:27

    this should work:

    String name = "john"; 
resultSet = statement
    .executeQuery("select * from myDatabase.myTable where name =" + "'" + name + "'");
    0 讨论(0)
  • 无人共我
    2020-12-30 17:32

    Try the following :

    String name = "john"; 

resultSet = statement
      .executeQuery("select * from myDatabase.myTable where myTable.name = '" + name + "'");
    0 讨论(0)
  • 后悔当初
    2020-12-30 17:40

    you need to put quotes around the value ('john' instead of john)...

    0 讨论(0)
 看不清?
提交回复
热议问题