Companies now commonly use PreparedStatement to prevent SQL injection, but it is easy to forget how to inspect the parameters that have been set on one. This post is a record of how to do it, so that next time I can read the blog directly.
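// Code block
PreparedStatement statement = null;
DruidPooledConnection connection = null;
connection = this.getUCDruidConnection();
// Every value is bound through a ? placeholder, so it is never concatenated into the SQL text.
String sql = "select * from xxxx where xx=? and xx=? and xx=? and xx=? and xxx=? and xxx=? and xxx=? and xxx=? and xxx=?";
statement = connection.prepareStatement(sql);
// Placeholder indexes start at 1.
statement.setInt(1, xxx);
statement.setInt(2, xxx);
// The remaining placeholders (3 to 9) must also be set before the statement is executed.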
After opening it, you can see the parameters we stored:
Expand the parameters to see the values that were set:
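
The same information can be captured in code when no debugger is attached. The following is an added example, not code from the original post: `recording` and `unbound` are hypothetical helpers, the query and values are constructed, and a stub proxy stands in for a real driver statement so the class runs without a database.

```java
import java.lang.reflect.Proxy;
import java.sql.PreparedStatement;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class BoundParams {
    // Hypothetical helper: returns a proxy that records each setXxx(index, value)
    // call in 'bound' and then forwards the call to the real statement.
    static PreparedStatement recording(PreparedStatement target, Map<Integer, Object> bound) {
        return (PreparedStatement) Proxy.newProxyInstance(
                BoundParams.class.getClassLoader(),
                new Class<?>[] {PreparedStatement.class},
                (proxy, method, args) -> {
                    String name = method.getName();
                    if (name.startsWith("set") && args != null && args.length >= 2
                            && args[0] instanceof Integer) {
                        // setNull(index, sqlType) binds SQL NULL, not the type code.
                        bound.put((Integer) args[0], name.equals("setNull") ? null : args[1]);
                    }
                    return method.invoke(target, args);
                });
    }

    // Hypothetical helper: placeholder positions that have no bound value yet.
    // Assumes the SQL text has no '?' inside string literals or comments.
    static List<Integer> unbound(String sql, Map<Integer, Object> bound) {
        List<Integer> missing = new ArrayList<>();
        long count = sql.chars().filter(c -> c == '?').count();
        for (int i = 1; i <= count; i++) if (!bound.containsKey(i)) missing.add(i);
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed query and values; the stub stands in for a driver statement.
        String sql = "select * from t where a=? and b=? and c=?";
        PreparedStatement stub = (PreparedStatement) Proxy.newProxyInstance(
                BoundParams.class.getClassLoader(),
                new Class<?>[] {PreparedStatement.class}, (p, m, a) -> null);
        Map<Integer, Object> bound = new TreeMap<>();
        PreparedStatement statement = recording(stub, bound);
        statement.setInt(1, 42);
        statement.setInt(2, 7);
        System.out.println("bound   = " + bound);
        System.out.println("unbound = " + unbound(sql, bound));
    }
}
```

Bound values can include credentials or personal data, so treat any log that records them as sensitive.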