JSP: SQL string concatenation

Source: Baidu Zhidao   Editor: UC Zhidao   Time: 2024/05/10 08:28:31
public UserInfo getUserInfo(String uname, String upass) {
    ResultSet rs = null; // declare the ResultSet object
    UserInfo user = new UserInfo();
    String sql = "select * from UserInfo where uname="
            + "+'"uname"'+" + " and upass=" + "+'"upass"'+";
    try {
        rs = super.execuQuary(sql);
        if (rs.next()) {
            user.setUname(rs.getString("uname"));
            user.setUpass(rs.getString("upass"));
        }
    } catch (SQLException ex) {
        ex.printStackTrace();
    } finally {
        try {
            rs.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
    return user;
}

How should the SQL parameters be written if they are concatenated as strings?

String sql = "select * from UserInfo where uname='"+uname + "' and upass='" +upass+"'";
It should be like this, I think.

String sql = "select * from UserInfo where uname='"
        + uname + "' and upass='" + upass + "'";

When concatenating strings you have to look carefully; it's best to print the SQL statement out and see where the problem is.

First, to answer the question:
Answer:
String sql = "select * from UserInfo where uname="+uname + " and upass=" +upass;

From a code-style point of view, what you wrote isn't very good.

Where does the variable super come from?
Also, I'd suggest using PreparedStatement.

String sql = "select * from UserInfo where uname="+ uname+ " and upass=" + upass;
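The answer above recommends PreparedStatement, and the first answer shows the quoting that makes the concatenated query at least run. The following is an added example, not code from the question or any of the answers, showing why the concatenated form is still dangerous even once it is syntactically correct. Python's sqlite3 module stands in for JDBC here: its `?` placeholders play the role of PreparedStatement parameters. The in-memory UserInfo table, the two sample rows, and the `alice' --` payload are all constructed for this demonstration; storing upass in plaintext is kept only to mirror the page's query and is not a recommendation.

```python
import sqlite3

# Constructed sample data mirroring the page's UserInfo table (uname, upass).
# Plaintext passwords are kept only so the query matches the page; a real
# application stores a salted password hash instead.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory UserInfo table and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserInfo (uname TEXT, upass TEXT)")
    conn.executemany("INSERT INTO UserInfo (uname, upass) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def get_user_info_concat(conn, uname, upass):
    """The page's approach: quote the parameters and concatenate them into the
    SQL text. This is the syntactic fix from the first answer; it is still
    injectable, because a quote inside uname or upass becomes SQL grammar."""
    sql = ("select * from UserInfo where uname='" + uname
           + "' and upass='" + upass + "'")
    row = conn.execute(sql).fetchone()
    return None if row is None else {"uname": row[0], "upass": row[1]}


def get_user_info_param(conn, uname, upass):
    """PreparedStatement-style version: the SQL text is fixed and the values
    are bound as parameters, so a quote in the input is only data."""
    sql = "select * from UserInfo where uname=? and upass=?"
    row = conn.execute(sql, (uname, upass)).fetchone()
    return None if row is None else {"uname": row[0], "upass": row[1]}


# Classic login-bypass payload (constructed): the quote closes the uname
# literal and "--" comments out the rest of the line, so the concatenated
# query never checks the password at all.
BYPASS_UNAME = "alice' --"


def demo():
    """Run both lookups with a valid login and with the bypass payload."""
    conn = make_db()
    results = {
        "concat_valid": get_user_info_concat(conn, "alice", "s3cret"),
        "concat_bypass": get_user_info_concat(conn, BYPASS_UNAME, "wrong"),
        "param_valid": get_user_info_param(conn, "alice", "s3cret"),
        "param_bypass": get_user_info_param(conn, BYPASS_UNAME, "wrong"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the concatenated query, `alice' --` and a wrong password still return alice's row; with bound parameters the same input simply matches no user. The JDBC equivalent is `PreparedStatement ps = conn.prepareStatement("select * from UserInfo where uname=? and upass=?"); ps.setString(1, uname); ps.setString(2, upass);`, which also makes the "print the SQL to see where the quoting went wrong" step unnecessary.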