最近编了一个bean,是根据参数来动态的设置数据库参数.代码如下.
为了防止sql注入漏洞,所以用的了参数化查询.可是,一旦参数生效,查询结果肯定为零.可数据库中确实有符合条件的记录.我的 mysql .
private void queryByLocationTotal(String type,String address)
{
String sql= " " ;
if (! type.equals( "-1 "))
{
sql=sql + "( type= ? ) ";
}
if (! address.equals( "-1 "))
{
sql=sql + "( location = ? ) ";
}
if (! sql.equals( " "))
sql= " where " + sql;
String sql1= "select count(*) from friend " + sql;
dbHandler.open();
dbHandler.setQueryString(sql1);
Vector params = new Vector();
if (! type.equals( "-1 "))
{
params.addElement(type);
}
if (! address.equals( "-1 "))
{
params.addElement(address);
}
ResultSet rs = dbHandler.executeQuery(null);
//System.out.println(sql);
if (rs != null)
{
try
{
if (rs.next())
resultCount = rs.getInt(1);
if (rs!=null)
rs.close();
}catch(SQLException e)
{
e.printStackTrace();
}
}
else
{
resultCount = 0;
}