Java: getting true (1) or false (0) from a specific SQL statement

I need help with the following code, to make it return a true or false value. Any and all help would be greatly appreciated.

    public synchronized static boolean checkCompanyName(String companyName,
        Statement statement) {
    try {

        ResultSet res = statement
                .executeQuery("SELECT `companyName` FROM `companys` WHERE companyName = '"
                        + companyName + "';");
        boolean containsCompany = res.next();

        res.close();

        return containsCompany;

    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }

}

3 answers

  1. # Answer 1

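    You should use a PreparedStatement (to do that, pass the Connection into the method). Also, you should retrieve the value from the ResultSet and verify that it matches companyName. Something like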

    static final String query = "SELECT `companyName` FROM "
        + "`companys` WHERE companyName = ?";
    
    public synchronized static boolean checkCompanyName(String companyName,
            Connection conn) {
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            ps = conn.prepareStatement(query);
            ps.setString(1, companyName);
            rs = ps.executeQuery();
            if (rs.next()) {
                String v = rs.getString(1);
                return v.equals(companyName);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException e) {
                }
            }
            if (ps != null) {
                try {
                    ps.close();
                } catch (SQLException e) {
                }
            }
        }
        return false;
    }
    
  2. # Answer 2

    Try querying like this:

    ResultSet res = statement.executeQuery("SELECT companyName FROM companys WHERE companyName = " + companyName);
    

    Or you can go with a PreparedStatement, which is better than what you were doing before.

  3. # Answer 3

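    Two comments:

    1. You only need to check whether at least one row matches your condition, so you can use ^{}
    2. Your code is vulnerable to SQL injection attacks. Please read this for more information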

    The easiest way to avoid SQL injection attacks is to use prepared statements. So let me kill two birds with one stone and give you a solution that uses them:

    /*
    Check if the company exists.
    Parameters:
      conn    -  The connection to your database
      company - The name of the company
    Returns:
      true if the company exists, false otherwise
    */
    public static boolean checkCompanyName(Connection conn, String company) {
        boolean ans = false;
        try(PreparedStatement ps = conn.prepareStatement(
                "select companyName from companies where companyName = ?"
            ) // The question mark is a place holder
        ) {
            ps.setString(1, company); // You set the value for each place holder
                                      // using setXXX() methods
            try(ResultSet rs = ps.executeQuery()) {
                ans = rs.first();
            } catch(SQLException e) {
                // Handle the exception here
            }
        } catch(SQLException e) {
            // Handle the exception here
        }
        return ans;
    }
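
Added example, not part of the question or any of the answers: it runs the question's concatenated check and a parameterized check side by side against the same rows. For a stored name that contains a quote the concatenated query fails to parse and falls back to false, and for a name that carries SQL syntax it reports a company that is not stored. Assumptions: the H2 in-memory driver is on the classpath, and the class name, method names and sample rows are constructed for this illustration.

```java
import java.sql.*;

public class CompanyCheckDemo {
    // The question's approach: the name is spliced into the SQL text.
    static boolean concatenated(Connection c, String name) {
        String sql = "SELECT companyName FROM companys WHERE companyName = '" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        } catch (SQLException e) {
            return false; // same fallback as the question's catch block
        }
    }

    // Bound parameter: the name is only ever data, and errors reach the caller
    // instead of being reported as "company does not exist".
    static boolean parameterized(Connection c, String name) throws SQLException {
        String sql = "SELECT 1 FROM companys WHERE companyName = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // next() also works on forward-only result sets
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; any JDBC URL can be substituted.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement st = c.createStatement()) {
            st.execute("CREATE TABLE companys (companyName VARCHAR(100) PRIMARY KEY)");
            st.execute("INSERT INTO companys VALUES ('Acme'), ('O''Neil Ltd')");
            // Constructed inputs: a stored name, a stored name with a quote,
            // and a name that is not stored but contains SQL syntax.
            String[] names = { "Acme", "O'Neil Ltd", "nobody' OR '1'='1" };
            for (String n : names) {
                System.out.printf("%-20s concatenated=%-5b parameterized=%b%n",
                        n, concatenated(c, n), parameterized(c, n));
            }
        }
    }
}
```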
    
