Problem description:
In doing query information, there are a number of conditions can be selected. Of which not every choice is mandatory, the need for queries based on your requirements.
such as:
Users can according to their needs, you can choose the parameter query, we have several all cases
- No arguments, all queries
- Hometown mailbox name + +
- Birthplace name +
- Name E-mail +
- Hometown mail +
- Full name
- Birthplace
- mailbox
If you are using fixed sql statement, to be used eight different sql statement. And to judge character input, together sql statement and the judge sentences will appear very long code, unsightly endless reading.
Solution:
Thinking:
- sql is changing, so think of using StringBuilder. StringBuilder stitching strings'
- Also determine the user's input, according to various different inputs splicing sql
- To prevent problems sql injection, the use of PreparedStatement object to execute sql sql execution
- When splicing splicing parameters need to remember the order of (name + first name of place of origin, place of origin after), in order to give the sql? Assignment, use the list to a set of parameters saved.
Code:
UserDao class {public
/ **
* to query user information based on parameters
* @param name
* @param Birthplace
* @param mail
* @return User objects
* /
public static the User queryUser (String name, String address, String Email) {
// 1. processing sql
// 1.1 Analyzing parameters entered by the user, and splicing sql statement
StringBuilder sql = new StringBuilder ( "select * from user where 1 = 1"); // 1 = 1 for no input parameters Search
List < String> List = new new ArrayList <> ()
IF (! = null && name.trim name () isEmpty ()!. ) {
sql.append ( "and name =?");
list.add (name);
}
IF (address = null && address.trim () isEmpty ()!!.) {
Sql.append ( "address and =?");
List.add (address);
}
! IF (In Email In Email = null &&!. . TRIM () isEmpty ()) {
sql.append (and in Email =);?
List.add (in Email);
}
sql.append ( ";");
// 2. operation database (using a database connection pool Druid , wrote his tools,)
connection Conn = null;
PreparedStatment pstmt = null;
the ResultSet RS = null;
the User User = null;
the try {
// get the data connection object 2.1
Conn JDBCUtil.getConnection = ();
// Get 2.2 sql execution object
pstmt = conn.prepareStatement (sql.toString ());
// set sql of 2.3? The value
for (int I =. 1; I <= list.size (); I ++) {
pstmt.setString (I, List.get (I -. 1));
}
// 2.4 sql statement execution
rs = pstmt.executeQuery ();
user = resultSetToUser (rs); // resultSetToUser () is a method of converting a user object from a set to write the result to the
} catch (omitted) {
omitted
} finally {
JDBCUtil.close(conn, pstmt, rs);
}
return user;
}
}
Database connection pool (Druid) of tools:
