If the query is static (no parameters), the PreparedStatement works fine, for example:
select * from RWEMP;
But if I use the following code with a search condition:
SELECT * FROM RWEMP WHERE ENAME= ?
it doesn't display anything; it only shows the table headers.
<FORM METHOD="get">
<INPUT TYPE="text" NAME="cond" SIZE=50>
</FORM> <br> <br>
<% String value = request.getParameter("cond");
if (value != null) { %>
<H3> Search results for <I> <%= value %> </I> </H3>
<% } %>
<%@page import="java.sql.*" %>
<%Class.forName("oracle.jdbc.driver.OracleDriver");
String sql="SELECT * FROM RWEMP WHERE ENAME= ?";
Connection con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:XE","hari","root");
PreparedStatement stat=con.prepareStatement(sql);
stat.setString(1,"value");
ResultSet rs=stat.executeQuery();
try {
if(rs!=null) {
%>
<table border=1 cellspan=60 cellpadding=16>
<tr>
<th> Emp ID </th>
<th> Emp Name </th>
<th> Emp Dept </th>
<th> Emp Area </th>
<th> Emp D.O.B </th>
<th> EMP Mobile </th>
<th> Emp Salary </th>
<th> EMP Wife </th>
</tr>
<%
while(rs.next()) {
%>
<tr>
<td><%= rs.getString("EID")%> </td>
<td><%= rs.getString("ENAME") %> </td>
<td><%= rs.getString("EDEPT")%> </td>
<td><%= rs.getString("EAREA")%> </td>
<td><%= rs.getString("EDOB")%> </td>
<td><%= rs.getString("EMOBILE")%> </td>
<td><%= rs.getString("ESAL")%> </td>
<td><%= rs.getString("ESPOUSE")%> </td>
</tr>
<%
}
}
}
catch(SQLException e) {
e.printStackTrace();
}
con.close();
%>
Answer 0 (score: 3)
Change your PreparedStatement query parameter binding code to
stat.setString(1, value); // no quotes
You need to search for what the value variable contains, not its name "value" itself.