public ArrayList<FeedObjects> GetFeeds(Connection connection) throws Exception
{
ArrayList<FeedObjects> feedData = new ArrayList<FeedObjects>();
try
{
//String uname = request.getParameter("uname");
PreparedStatement ps = connection.prepareStatement("SELECT id,title,description,url FROM website ORDER BY id DESC");
//ps.setString(1,uname);
ResultSet rs = ps.executeQuery();
while(rs.next())
{
FeedObjects feedObject = new FeedObjects();
feedObject.SetId(rs.getInt("id"));
feedObject.setTitle(rs.getString("title"));
feedObject.setDescription(rs.getString("description"));
feedObject.setUrl(rs.getString("url"));
feedData.add(feedObject);
}
return feedData;
}
catch(Exception e)
{
throw e;
}
}
这是我的代码,我可以从中显示employee表中的所有数据。我想要写函数,这样如果我传递id,那么我将获得相应的列值。
例如,如果我们输入id = 1,那么它应该只显示id一个emp_name。
请帮助我并修改给定的功能,以便我可以实现它。
答案 0 :(得分:0)
然后添加WHERE clause
SELECT id,title,description,url FROM website where id= "+userId+"
返回具有该特定Id的记录,假设Id是唯一的。
看起来像
public ArrayList<FeedObjects> GetUserFeed(Connection connection, long userId)
throws Exception
所以现在你的函数需要接收userId作为参数。
注意:不要混用两种方法。写一个单独的方法来接收用户ID 以及接收所有Feed的常用方法。
答案 1 :(得分:0)
public ArrayList<FeedObjects> GetFeeds(Connection connection) throws Exception
{
ArrayList<FeedObjects> feedData = new ArrayList<FeedObjects>();
try
{
//String uname = request.getParameter("uname");
PreparedStatement ps = connection.prepareStatement("SELECT id,title,description,url FROM website where id = "<PASS ID HERE>" ORDER BY id DESC");
//ps.setString(1,uname);
ResultSet rs = ps.executeQuery();
while(rs.next())
{
FeedObjects feedObject = new FeedObjects();
feedObject.SetId(rs.getInt("id"));
feedObject.setTitle(rs.getString("title"));
feedObject.setDescription(rs.getString("description"));
feedObject.setUrl(rs.getString("url"));
feedData.add(feedObject);
}
return feedData;
}
catch(Exception e)
{
throw e;
}
}
试试这个
答案 2 :(得分:0)
试试这个..
public ArrayList<FeedObjects> GetFeeds(Connection connection,int id) throws Exception
{
ArrayList<FeedObjects> feedData = new ArrayList<FeedObjects>();
try
{
//String uname = request.getParameter("uname");
PreparedStatement ps = connection.prepareStatement("SELECT id,title,description,url FROM website where id=? ORDER BY id DESC");
ps.setInt(1,id);
ResultSet rs = ps.executeQuery();
while(rs.next())
{
FeedObjects feedObject = new FeedObjects();
feedObject.SetId(rs.getInt("id"));
feedObject.setTitle(rs.getString("title"));
feedObject.setDescription(rs.getString("description"));
feedObject.setUrl(rs.getString("url"));
feedData.add(feedObject);
}
return feedData;
}
catch(Exception e)
{
throw e;
}
}
答案 3 :(得分:0)
在SQL语句中添加WHERE ...
使用PreparedStatement时的正确方法是注入值而不是像这样添加它们
PreparedStatement ps = connection.prepareStatement("SELECT id,title,description,url FROM website ORDER BY id DESC WHERE id=?");
ps.setInt(1, id); //you only have 1 '?' so the index is 1, if you had another it would be 2, etc
你当然需要将你的id传递给函数。
你最好注入PreparedStatement而不是像这样追加
PreparedStatement ps = connection.prepareStatement("SELECT id,title,description,url FROM website ORDER BY id DESC WHERE id="+id);
因为那时你正在捕捉可能的SQL注入攻击。不是你现在可能不必担心的事情,但这是一种很好的做法。
答案 4 :(得分:0)
public ArrayList<FeedObjects> GetFeeds(Connection connection, int id) throws Exception {
//...
PreparedStatement ps = connection.prepareStatement("SELECT id,title,description,url FROM website where id = ?");
ps.setInt(1, id);
ResultSet rs = ps.executeQuery();
//...
}