关闭

sql语句参数拼接Bug

290人阅读 评论(0) 收藏 举报
/**
* 根据keyWords和projectId和keyTerm获取频道id
* @param projectId
* @param keyWords
* @param keyTerm
* @return
*/
@SuppressWarnings("unchecked")
public long getChannelIdByKeywords(Long projectId ,String keyWords,String keyTerm){
long channelId = 0;
String sql = "SELECT T_SERVICE_ID FROM " + IWMDATA_schema + ".DC_PROJECT WHERE PROJECT_ID=" + projectId + " AND KEYWORD ='" + keyWords+ "'" + " AND KEYTERM ='" + keyTerm+ "'";
try{
List<Map> list = jdbcTemplateIWM.queryForList(sql);
if(list != null && list.size() != 0){
Map map = list.get(0);
channelId = StringUtil.convertStrToLong(map.get("T_SERVICE_ID").toString(), 0);
}
return channelId;
}catch(Exception e){
e.printStackTrace();
return 0;
}

}

String sql = "SELECT T_SERVICE_ID FROM " + IWMDATA_schema + ".DC_PROJECT WHERE PROJECT_ID=" + projectId + " AND KEYWORD ='" + keyWords+ "'" + " AND KEYTERM ='" + keyTerm+ "'";

这句代码的Bug就是如果,我的keyWord里面有特殊字符,如可口可乐'好喝',单引号啥的,就会查不出来结果,那么

就需要这么改动:String sql = "SELECT T_SERVICE_ID FROM " + IWMDATA_schema + ".DC_PROJECT WHERE PROJECT_ID=? AND KEYWORD =? AND KEYTERM =?";

List<Map> list = jdbcTemplateIWM.queryForList(sql,new Object[]{projectId,keyWords,keyTerm});

这样就OK了。

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:1008次
    • 积分:33
    • 等级:
    • 排名:千里之外
    • 原创:2篇
    • 转载:2篇
    • 译文:0篇
    • 评论:0条
    文章分类
    文章存档