Correct: pass patient_id as a bound parameter.
public MnsPatient getPatientByPatientID(String patientid) throws DataAccessException {
    // The ? placeholder is bound to patientid; the value never becomes part of the SQL text.
    String sql = "SELECT id,patient_id,issports,call_time,filtering_code,station_id,organization_id,employee_id "
               + "FROM mns_patient where patient_id=?";
    return this.get(sql, new Object[]{patientid});
}
The following version is wrong:
public MnsPatient getPatientByPatientID(String patientid) throws DataAccessException {
    // patientid is concatenated into the SQL text, so a quote in it changes the statement (SQL injection).
    String sql = "SELECT id,patient_id,issports,call_time,filtering_code,station_id,organization_id,employee_id "
               + "FROM mns_patient where patient_id='" + patientid + "'";
    return this.get(sql, null);
}
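Why the concatenated form is wrong, as an added example that is not code from the original page: it runs both query shapes against an in-memory table and compares the results for an identifier that contains a quote. It assumes Python's built-in sqlite3 in place of the page's Java DAO; the rows are constructed and the function names are hypothetical.

```python
import sqlite3

# Column list copied from the page's query; rows below are constructed samples.
COLUMNS = ("id,patient_id,issports,call_time,filtering_code,"
           "station_id,organization_id,employee_id")

def make_db():
    """In-memory stand-in for the mns_patient table (assumption: SQLite)."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE mns_patient ({COLUMNS})")
    db.executemany("INSERT INTO mns_patient (id, patient_id) VALUES (?, ?)",
                   [(1, "P001"), (2, "P002"), (3, "O'Neil-7")])
    return db

def get_bound(db, patientid):
    """Placeholder form: the value travels separately from the SQL text."""
    sql = f"SELECT {COLUMNS} FROM mns_patient WHERE patient_id=?"
    return db.execute(sql, (patientid,)).fetchall()

def get_concatenated(db, patientid):
    """Form the page marks as wrong: the value becomes part of the SQL text."""
    sql = f"SELECT {COLUMNS} FROM mns_patient WHERE patient_id='" + patientid + "'"
    return db.execute(sql).fetchall()

def compare(db, patientid):
    """Return (ids from bound query, ids or error text from concatenated query)."""
    bound = [row[0] for row in get_bound(db, patientid)]
    try:
        concatenated = [row[0] for row in get_concatenated(db, patientid)]
    except sqlite3.Error as exc:
        # The quote inside the value closed the string literal early, so the
        # remainder of the value was parsed as SQL instead of compared as data.
        concatenated = f"error: {exc}"
    return bound, concatenated

if __name__ == "__main__":
    db = make_db()
    for value in ("P001", "O'Neil-7"):
        print(repr(value), "->", compare(db, value))
```

A DAO test that round-trips an identifier containing a quote catches any query still built by concatenation.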