rs = stmt.executeQuery("select c1.itemname,c1.itemcalorie,p.restname,p.location from categorie1 c1 ,Place p
    where p.pincode = '" + pincode1 + "' and c1.itemid IN
    ("select c1.itemid from categorie1 c1 where c1.itemcalorie <='" + cal1 + "' and c1.itemcalorie >='" + cal1-400 + "' and c1.restid = p.restid ") ");
Answer 0 (score: 0)
You have too many extra quotes:
rs = stmt.executeQuery(
    // one Java string literal per line, joined with +; a literal cannot span lines
    "SELECT c1.itemname, "
  + "       c1.itemcalorie, "
  + "       p.restname, "
  + "       p.location "
  + "FROM categorie1 c1, "
  + "     place p "
  + "WHERE p.pincode = '" + pincode1 + "' "
  + "  AND c1.itemid IN (SELECT c1.itemid "
  + "                    FROM categorie1 c1 "
  + "                    WHERE c1.itemcalorie <= '" + cal1 + "' "
  // parentheses: without them "'" + cal1 - 400 is (String - int) and does not compile
  + "                      AND c1.itemcalorie >= '" + (cal1 - 400) + "' "
  + "                      AND c1.restid = p.restid)"
);
I'm not sure which language this is (I hope it isn't JavaScript), but the code is insecure; see parameterized queries.
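As an added example (not code from the question or the answer), here is the same query as a JDBC PreparedStatement: the pincode and calorie values travel as bind parameters, so a quote inside them is data, not SQL. The class name MenuLookup and method findItems are assumptions, as is that itemcalorie is a numeric column and pincode a string column; table and column names are those from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class MenuLookup {
    // Same query as in the answer, but every user-controlled value is a ? placeholder
    // instead of being pasted into the SQL text. The inner alias is renamed to c2 so it
    // no longer shadows the outer c1; the correlation on p.restid is unchanged.
    private static final String SQL =
        "SELECT c1.itemname, c1.itemcalorie, p.restname, p.location "
      + "FROM categorie1 c1, place p "
      + "WHERE p.pincode = ? "
      + "  AND c1.itemid IN (SELECT c2.itemid "
      + "                    FROM categorie1 c2 "
      + "                    WHERE c2.itemcalorie <= ? "
      + "                      AND c2.itemcalorie >= ? "
      + "                      AND c2.restid = p.restid)";

    // Returns one formatted line per matching menu item (assumed helper, not from the page).
    public static List<String> findItems(Connection conn, String pincode, int maxCalories)
            throws SQLException {
        List<String> rows = new ArrayList<>();
        // try-with-resources closes the statement and result set even when an exception is thrown
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, pincode);         // quoted/escaped by the driver, never by string concatenation
            ps.setInt(2, maxCalories);        // upper calorie bound
            ps.setInt(3, maxCalories - 400);  // lower bound computed in Java, not inside the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString("itemname") + " (" + rs.getInt("itemcalorie") + " kcal) @ "
                             + rs.getString("restname") + ", " + rs.getString("location"));
                }
            }
        }
        return rows;
    }
}
```

Because the SQL text is a constant, an input such as `' OR '1'='1` for the pincode is compared literally against p.pincode rather than changing the WHERE clause.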