String sql = "select * from user where 1 = 1 ";
List<Object> params = new ArrayList<Object>();
if(!StringUtils.isEmpty(username)){
sql += " and username like ?";
params.add("%"+username+"%");
}
if(!StringUtils.isEmpty(email)){
sql +=" and email like ?";
params.add("%"+email+"%");
}
if(!StringUtils.isEmpty(company)){
sql +=" and company like ?";
params.add("%"+company+"%");
}
if(status != null){
sql += " and status = ?";
params.add(status);
}
if(duestatus != null){
if(duestatus == 1){
sql += " and date(duedate) < date(now())";
}else{
sql += " and date(duedate) > date(now())";
}
}
sql +=" order by regdate desc";
return db().findList(sql, page, size, params.toArray());
jfinal多条件查询防止SQL注入
猜你喜欢
转载自blog.csdn.net/huangbaokang/article/details/89961544
今日推荐
周排行