SQL statement parameter concatenation bug

    /**
     * Look up the channel id by keyWords, projectId and keyTerm
     * @param projectId
     * @param keyWords
     * @param keyTerm
     * @return the channel id, or 0 if nothing matched or the query failed
     */
    @SuppressWarnings("unchecked")
    public long getChannelIdByKeywords(Long projectId, String keyWords, String keyTerm) {
        long channelId = 0;
        // Bug: the parameter values are concatenated straight into the SQL text
        String sql = "SELECT T_SERVICE_ID FROM " + IWMDATA_schema + ".DC_PROJECT WHERE PROJECT_ID=" + projectId
                + " AND KEYWORD ='" + keyWords + "'" + " AND KEYTERM ='" + keyTerm + "'";
        try {
            List<Map> list = jdbcTemplateIWM.queryForList(sql);
            if (list != null && list.size() != 0) {
                Map map = list.get(0);
                channelId = StringUtil.convertStrToLong(map.get("T_SERVICE_ID").toString(), 0);
            }
            return channelId;
        } catch (Exception e) {
            // any SQL error (for example a broken quote) is swallowed and 0 is returned
            e.printStackTrace();
            return 0;
        }
    }

The problem is this line:

    String sql = "SELECT T_SERVICE_ID FROM " + IWMDATA_schema + ".DC_PROJECT WHERE PROJECT_ID=" + projectId + " AND KEYWORD ='" + keyWords + "'" + " AND KEYTERM ='" + keyTerm + "'";

The bug is that if my keyWords contains special characters, for example 可口可乐'好喝' with its single quotes, the quote ends the string literal early, the SQL becomes malformed, and the query returns no result (the catch block just returns 0). Concatenating user-supplied values into the SQL text like this is also exactly the pattern that makes SQL injection possible. So the code needs to change to a parameterized query:

    String sql = "SELECT T_SERVICE_ID FROM " + IWMDATA_schema + ".DC_PROJECT WHERE PROJECT_ID=? AND KEYWORD =? AND KEYTERM =?";

    List<Map> list = jdbcTemplateIWM.queryForList(sql, new Object[]{projectId, keyWords, keyTerm});

With the values passed as bind parameters, the quotes inside keyWords are no longer interpreted as SQL, and the query works.
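To make the failure and the fix easy to reproduce, here is the same bug and its parameterized fix rewritten as an added example in Python (this is not code from the original post; it uses the standard-library sqlite3 module instead of Spring's JdbcTemplate so that it runs offline). The in-memory DC_PROJECT table, its rows and the schema-less table name are constructed stand-ins for the IWMDATA.DC_PROJECT table in the post. The concatenating version mirrors the Java method, including the catch block that turns any SQL error into a return value of 0.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory stand-in for IWMDATA.DC_PROJECT.

    SQLite has no schema prefix, so the table is simply DC_PROJECT.
    The second row has a keyword that contains a single quote, the
    case the post describes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE DC_PROJECT ("
        "PROJECT_ID INTEGER, KEYWORD TEXT, KEYTERM TEXT, T_SERVICE_ID INTEGER)"
    )
    conn.executemany(
        "INSERT INTO DC_PROJECT VALUES (?, ?, ?, ?)",
        [
            (1, "可口可乐", "饮料", 101),
            (1, "可口可乐'好喝", "饮料", 102),  # keyword with an embedded quote
        ],
    )
    return conn


def get_channel_id_concat(conn, project_id, key_words, key_term):
    """The buggy version: values concatenated into the SQL text.

    A quote inside key_words terminates the string literal early, the
    statement is no longer valid SQL, the database raises an error and,
    exactly like the Java catch block, the function returns 0.
    """
    sql = (
        "SELECT T_SERVICE_ID FROM DC_PROJECT WHERE PROJECT_ID=" + str(project_id)
        + " AND KEYWORD ='" + key_words + "'"
        + " AND KEYTERM ='" + key_term + "'"
    )
    try:
        row = conn.execute(sql).fetchone()
        return row[0] if row else 0
    except sqlite3.Error:
        # swallowed error, 0 returned: the caller cannot tell "no match" from "broken SQL"
        return 0


def get_channel_id_param(conn, project_id, key_words, key_term):
    """The fixed version: ? placeholders with the values bound separately.

    The driver sends the values as data, not as SQL text, so quotes in
    key_words are matched literally and cannot alter the statement.
    """
    sql = "SELECT T_SERVICE_ID FROM DC_PROJECT WHERE PROJECT_ID=? AND KEYWORD =? AND KEYTERM =?"
    row = conn.execute(sql, (project_id, key_words, key_term)).fetchone()
    return row[0] if row else 0


if __name__ == "__main__":
    db = make_db()
    for kw in ("可口可乐", "可口可乐'好喝"):
        print(kw, "concat ->", get_channel_id_concat(db, 1, kw, "饮料"),
              "param ->", get_channel_id_param(db, 1, kw, "饮料"))
```

Running it shows the plain keyword resolved by both versions, while the keyword containing a quote yields 0 from the concatenating version and the correct id 102 from the parameterized one. The same binding rule applies to the Java code: pass the values through the `Object[]` argument of `queryForList` rather than building them into the string.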
