-2

这是我的代码:

public static List GetList(String myname) {
    .
    .
    ResultSet result = stmt.executeQuery("SELECT * FROM authors WHERE name = ?");
    result.setString(myname);
}

我想选择其中 name = myname (myname 是函数的输入)。

我也尝试过类似的东西:

WHERE name = @myname

但它不起作用:/

4

4 回答 4

6

您没有在结果上设置值,而是在语句上设置值:

PreparedStatement pstmt = connection.prepareStatement("SELECT * FROM authors WHERE name = ?");
pstmt.setString(1, myname);
ResultSet result = pstmt.executeQuery();
于 2012-11-28T19:32:41.463 回答
4

好吧,更好的方法是使用PreparedStatement, 来避免SQL Injection:-

PreparedStatement stmt = con.prepareStatement("SELECT * FROM authors WHERE name = ?");
stmt.setString(1, myname);
ResultSet res = stmt.executeQuery();

但是,为了解决您的问题,您可以使用字符串连接:-

stmt.executeQuery("SELECT * FROM authors WHERE name = '" + myname + "'");
于 2012-11-28T19:32:19.507 回答
1

如果我没记错的话,你最好在这里准备好声明:

PreparedStatement stmt = conn.prepareStatement("SELECT * FROM authors WHERE name = ?");
stmt.setString(1, myname);
ResultSet result = stmt.executeQuery();
于 2012-11-28T19:36:19.913 回答
-1

试试这个:

ResultSet result = stmt.executeQuery("SELECT * FROM authors WHERE name = " + myname);
于 2012-11-28T19:32:07.620 回答