将语句转换为准备好的语句java

时间:2014-02-04 15:31:46

标签: java mysql sql

static int R;

stmt = conn.createStatement();

String query = "SELECT Points.Name, Points.x, Points.y FROM Points + "WHERE Points.x>=" + (x-R) + " AND Points.x<="+ (x + R) + " AND Points.y>=" + (y - R) + " AND Points.y<="+ (y + R) + " AND Points.Name='" + name + "'";

rs = stmt.executeQuery(query);

有人可以帮助我将上述查询转换为另一个用于准备好的声明吗?

2 个答案:

答案 0 :(得分:2)

尝试这样的事情:

PreparedStatement ps = null;
ps = con.prepareStatement("select concat(first_name,' ',last_name) as full_name from employee where salary between ? and ?");
int i=1;
ps.setInt(i++, 30000);
ps.setInt(i++, 40000);
rs = ps.executeQuery();

用&#34;?&#34;替换参数然后逐个添加。然后执行。

答案 1 :(得分:2)

static int R;

String query = "SELECT Points.Name, Points.x, Points.y FROM Points WHERE Points.x>= ? AND Points.x<= ? AND Points.y>= ? AND Points.y<= ? AND Points.Name= ?";

PreparedStatement stmt = conn.prepareStatement(query);

stmt.setString(1, x-R);
stmt.setString(2, x+R);
/* etc.. etc..  */
ResultSet rs = stmt.executeQuery();

while(rs.next()) {

    /* read your RS and do stuff */

}

注意,为了正确利用PReparedStatement,通常会从您的类构造函数中设置/初始化所有PreparedStatement s。这样,一旦你构造了你的对象,你的语句就已经被发送到了数据库,数据库已经编译了你的语句并准备好接受你的参数化输入(setString(x, x);)。