static int R;
stmt = conn.createStatement();
String query = "SELECT Points.Name, Points.x, Points.y FROM Points + "WHERE Points.x>=" + (x-R) + " AND Points.x<="+ (x + R) + " AND Points.y>=" + (y - R) + " AND Points.y<="+ (y + R) + " AND Points.Name='" + name + "'";
rs = stmt.executeQuery(query);
有人可以帮助我将上述查询转换为另一个用于准备好的声明吗?
答案 0 :(得分:2)
尝试这样的事情:
PreparedStatement ps = null;
ps = con.prepareStatement("select concat(first_name,' ',last_name) as full_name from employee where salary between ? and ?");
int i=1;
ps.setInt(i++, 30000);
ps.setInt(i++, 40000);
rs = ps.executeQuery();
用&#34;?&#34;替换参数然后逐个添加。然后执行。
答案 1 :(得分:2)
static int R;
String query = "SELECT Points.Name, Points.x, Points.y FROM Points WHERE Points.x>= ? AND Points.x<= ? AND Points.y>= ? AND Points.y<= ? AND Points.Name= ?";
PreparedStatement stmt = conn.prepareStatement(query);
stmt.setString(1, x-R);
stmt.setString(2, x+R);
/* etc.. etc.. */
ResultSet rs = stmt.executeQuery();
while(rs.next()) {
/* read your RS and do stuff */
}
注意,为了正确利用PReparedStatement,通常会从您的类构造函数中设置/初始化所有PreparedStatement s。这样,一旦你构造了你的对象,你的语句就已经被发送到了数据库,数据库已经编译了你的语句并准备好接受你的参数化输入(setString(x, x);)。