如果我需要使用准备好的陈述,该怎么办?
Statement statement = conn.createStatement();
String sql ="SELECT * FROM polls WHERE pollname LIKE '%"+search+"%' or side1 LIKE '%"+search+"%' or side2 LIKE '%"+search+"%' ORDER BY totalvotes DESC";
ResultSet resultSet = statement.executeQuery(sql);
if(resultSet.next() == false){
[使用PreparedStatement,使用?设置参数占位符,然后使用setXXX设置整个参数索引的参数值(参数索引从1开始,而不是0)。
下面的代码:
PreparedStatement preparedStatement = conn.prepareStatement(
"SELECT * FROM polls WHERE pollname LIKE ? or side1 LIKE ? or side2 LIKE ? ORDER BY totalvotes DESC");
String searchWizard = "%" + search + "%";
preparedStatement.setString(1, searchWizard);
preparedStatement.setString(2, searchWizard);
preparedStatement.setString(3, searchWizard);
ResultSet resultSet = preparedStatement.executeQuery();