这里是在探求 JDBC 中 PreparedStatement 的实现方式;我想真正的实现不会是这样拼接字符串的。真正的驱动要么把 SQL 模板和参数分开发送给数据库(服务端预编译),要么按参数类型对值进行转义,因此参数值不会被当作 SQL 语法来解析。
?替换处理前:
?替换处理后:
package com.dicmo.test;
import java.util.ArrayList;
import java.util.List;
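/**
 * Teaching model of a {@code PreparedStatement} that fills {@code ?} placeholders by rewriting
 * the SQL text.
 *
 * <p>Binding placeholder N replaces the N-th {@code ?} with {@code ?<value>}: the question mark
 * is kept as a position marker so that later {@code setXxx} calls still count placeholders the
 * same way, whatever order they are called in. {@link #makeNewSql(String)} strips the markers
 * at the end.
 *
 * <p>Security notes for readers:
 * <ul>
 *   <li>String values are untrusted input. They are rendered as a quoted literal with every
 *       single quote doubled, so a value cannot close the literal early.</li>
 *   <li>Quote doubling covers standard SQL only. A database mode that also treats backslash as
 *       an escape character needs additional handling, which this model does not implement.</li>
 *   <li>Question marks inside quoted literals are never treated as placeholders or markers, so
 *       a bound value containing {@code ?} is preserved.</li>
 *   <li>Production code should use {@code java.sql.PreparedStatement}, which leaves parameter
 *       binding to the driver and the database.</li>
 * </ul>
 *
 * <p>Limitation: each placeholder is expected to be bound once; binding the same index twice
 * prepends the new value to the old one.
 */
public class PreparedStatement {
    private String sql;

    PreparedStatement(String sql) {
        this.sql = sql;
    }

    /** Returns the current SQL text, including the {@code ?} markers of bound parameters. */
    public String getSql() {
        return sql;
    }

    public void setSql(String sql) {
        this.sql = sql;
    }

    /**
     * Binds an integer to the placeholder at the given 1-based position.
     *
     * @param index 1-based placeholder position
     * @param value value rendered as a decimal literal
     * @throws IndexOutOfBoundsException if there is no placeholder at {@code index}
     */
    public void setInt(int index, int value) {
        bind(index, Integer.toString(value));
        // Trace output kept from the original listing: shows the intermediate SQL with markers.
        System.out.println(sql);
    }

    /**
     * Binds a string to the placeholder at the given 1-based position.
     *
     * @param index 1-based placeholder position
     * @param value text to bind; {@code null} is rendered as SQL {@code NULL}
     * @throws IndexOutOfBoundsException if there is no placeholder at {@code index}
     */
    public void setString(int index, String value) {
        // Double embedded quotes so the value stays inside its own literal.
        String literal = (value == null) ? "NULL" : "'" + value.replace("'", "''") + "'";
        bind(index, literal);
    }

    /**
     * Removes the {@code ?} position markers from the given SQL text.
     *
     * <p>Only question marks outside single-quoted literals are removed, and no other character
     * is touched, so bound values are returned exactly as they were rendered.
     *
     * @param sql SQL text containing markers, typically {@link #getSql()}
     * @return the SQL text without markers
     */
    public String makeNewSql(String sql) {
        StringBuilder out = new StringBuilder(sql.length());
        boolean inLiteral = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\'') {
                // A doubled quote toggles twice, so the state is unchanged after it.
                inLiteral = !inLiteral;
            }
            if (c == '?' && !inLiteral) {
                continue;
            }
            out.append(c);
        }
        return out.toString();
    }

    /** Replaces the index-th placeholder with a marker followed by the rendered value. */
    private void bind(int index, String rendered) {
        List<Integer> positions = placeholderPositions(sql);
        if (index < 1 || index > positions.size()) {
            throw new IndexOutOfBoundsException(
                    "parameter index " + index + " out of range, statement has "
                            + positions.size() + " placeholder(s)");
        }
        int at = positions.get(index - 1);
        sql = sql.substring(0, at) + "?" + rendered + sql.substring(at + 1);
    }

    /** Returns the offsets of every {@code ?} that lies outside a single-quoted literal. */
    private static List<Integer> placeholderPositions(String text) {
        List<Integer> positions = new ArrayList<Integer>();
        boolean inLiteral = false;
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (c == '\'') {
                inLiteral = !inLiteral;
            } else if (c == '?' && !inLiteral) {
                positions.add(i);
            }
        }
        return positions;
    }

    public static void main(String[] args) {
        String sql = "SELECT * FROM user WHERE id = ? AND name = ? AND sex = ? And age = ? AND title = ?";
        PreparedStatement ps = new PreparedStatement(sql);
        // The setXxx calls may come in any order, because the leading '?' marker keeps every
        // placeholder countable, e.g. ps.setXxx(2, ...) before ps.setXxx(1, ...).
        ps.setInt(1, 2);
        ps.setString(2, "dicmo");
        ps.setString(3, "男");
        ps.setInt(4, 10);
        ps.setString(5, "JAVA fan");
        System.out.println(ps.makeNewSql(ps.getSql()));
    }
}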
?替换处理前:
SELECT * FROM user WHERE id = ?2 AND name = ?'dicmo' AND sex = ?'男' AND age = ?10 AND title = ?'JAVA fan'
?替换处理后:
SELECT * FROM user WHERE id = 2 AND name = 'dicmo' AND sex = '男' AND age = 10 AND title = 'JAVA fan'