如何在预备语句中使用变量进行sql查询?
我正在eclipse Java EE中做一个web应用程序项目。 目前,我的应用程序返回存储员工个人信息的数据库中的所有值。 但是,我设置了默认的预准备语句来搜索employee_id = 1234的表,而不是登录员工的employee_id。这意味着无论哪个员工登录我的系统,它都只会显示员工的个人信息ID为1234,如下面的预备声明所示:
PreparedStatement ps = con.prepareStatement("select employeeID, FirstName, LastName, Admin, DOB, Address, Email, HourlyRate, Gender, ALeaveBalance, SLeaveBalance, ActiveStatus, Role, BSB, BankName, AccNumber, SuperNumber, SuperCompany from payroll_system.employee_info where **employeeID = 1234**"); 请注意上面的employeeID如何设置为1234.这意味着我的程序(请参阅下面的代码)仅显示该员工的信息。 但是,我希望将employeeID设置为登录的人的id(登录由另一个servlet管理。如果有人可以帮助我,那将非常感谢,谢谢:)
import java.io.*; import javax.servlet.*; import javax.servlet.http.*; import java.sql.*; public class PersonalInfoOutput extends HttpServlet { protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); boolean st = false; try { Class.forName("com.mysql.jdbc.Driver").newInstance(); Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/payroll_system", "root", ""); **PreparedStatement ps = con.prepareStatement("select employeeID, FirstName, LastName, Admin, DOB, Address, Email, HourlyRate, Gender, ALeaveBalance, SLeaveBalance, ActiveStatus, Role, BSB, BankName, AccNumber, SuperNumber, SuperCompany from payroll_system.employee_info where employeeID = 1234");** ResultSet rs = ps.executeQuery(); st = rs.next(); if(st){ boolean adminTrue = rs.getBoolean("Admin"); boolean activeTrue = rs.getBoolean("ActiveStatus"); out.println(""); out.println(""); out.println(" Personal Information "); out.println(""); out.println(""); out.println("Personal Information
"); out.println("" + "Employee ID: " + "" + rs.getString("employeeID") + "
"); out.println("" + "Name: " + "" + rs.getString("FirstName") + " " + rs.getString("LastName")+ "
"); if(adminTrue) { out.println(""+ "Admin: " + "" +"Yes" + "
"); } else { out.println(""+ "Admin: " + "" +"No" + "
"); } out.println("" + "Date of Birth: " +"" + rs.getString("DOB") + "
"); out.println("" + "Address: " + "" + rs.getString("Address") + "
"); out.println("" + "Email: " + "" + rs.getString("Email") + "
"); out.println("" + "Hourly Income: " + "" + "$" + rs.getString("HourlyRate") + "
"); out.println("" + "Gender: " + "" + rs.getString("Gender") + "
"); out.println("" + "Annual Leave Balance: " + "" + rs.getString("ALeaveBalance") + "
"); out.println("" + "Sick Leave Balance: " + "" + rs.getString("SLeaveBalance") + "
"); if(activeTrue) { out.println(""+ "Currently Active: " + "" +"Yes" + "
"); } else { out.println(""+ "Currently Active: " + "" +"No" + "
" ); } out.println("" + "Role: " +"" + rs.getString("Role") + "
"); out.println("" + "BSB: " + "" + rs.getString("BSB") + "
"); out.println("" + "Bank: " + "" + rs.getString("BankName") + "
"); out.println("" + "Bank Account Number: " + "" + rs.getString("AccNumber") + "
"); out.println("" + "Superannuation Company: " + "" + rs.getString("SuperCompany") + "
"); out.println("" + "Superannuation Number: " + ""+ rs.getString("SuperNumber") + "
"); } }catch(Exception e) { e.printStackTrace(); } out.close(); } }
将employeeID的值从之前的Servlet传递到当前的Servlet。
Replace id:1243 with placeHolder: ? .
然后设置它的值ps.setInt(1,"value that you got from previous servlet");
对PersonalInfoOutput.java的更改:
HttpSession session = request.getSession(false); if(session != null) { String employeeid = (String)session.getAttribute("employeeid"); }
至 :
HttpSession session = request.getSession(false); String employeeid=""; if(session != null) { employeeid = (String)session.getAttribute("employeeid"); }
您需要在准备好的语句中使用参数,例如:
PreparedStatement ps = con.prepareStatement("select ... where employeeID = ?"); ps.setInt(1, 1234);
或者使用命名参数:
PreparedStatement ps = con.prepareStatement("select ... where employeeID = :employeeId"); ps.setInt("employeeId", 1234);