使用jdbcTemplate.update(sql, array);
防止sql注入
public Object updateCarGroup(CarGroupInfo carGroupInfo) {
try {
List<Object> param= new LinkedList<>();
String sql = "UPDATE car_group_manage SET ";
if (carGroupInfo.getBgroupId() != null && !carGroupInfo.getBgroupId().equals("")) {
sql += "bgroup_id= ? ";
param.add(carGroupInfo.getBgroupId());
}
if (carGroupInfo.getName() != null && !carGroupInfo.getName().equals("")) {
sql += ",name= ? ";
param.add(carGroupInfo.getName());
}
if (carGroupInfo.getWorkArea() != null) {
sql += ",work_area= ? ";
param.add(carGroupInfo.getWorkArea());
}
if (carGroupInfo.getOwnArea() != null && 0 != carGroupInfo.getOwnArea()) {
sql += ",own_area= ? ";
param.add(carGroupInfo.getOwnArea());
}
sql += ",update_time=now() where id=?";
param.add(carGroupInfo.getId());
jdbcTemplate.update(sql, param.toArray()));
} catch (Exception e) {
return new RRException(RongRunErrorCodeEnum.SYSTEM_ERROR).getCodeMsg();
}
return new RRException(RongRunErrorCodeEnum.SUCCESS).getCodeMsg();
}