将SQL中的LIKE子句转换为Java的PrepareStatement。

huangapple go评论136阅读模式
英文:

Convert SQL LIKE clause to JAVA PrepareStatement

问题

以下是您要翻译的内容:

原始代码:

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) {
    String sql = "";

    if (request_date.equals("") && statement_type.equals("") && option_type.equals("") && cust_no.equals("")) {
        sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
        sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    } else {                
        sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
        sql += "WHERE TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE '%" + request_date + "%' ";
        sql += "AND REPRINTLOG_STATEMENT_TYPE LIKE '%" + statement_type + "%' ";
        sql += "AND REPRINTLOG_OPTION_TYPE LIKE '%" + option_type + "%' ";
        sql += "AND REPRINTLOG_CUSTOMER_NO LIKE '%" + cust_no + "%' ";
        sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    }        
    return jdbcTemplate.queryForObject(sql, Integer.class);
}

更改后的代码:

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) {
    String sql = "";

    if (request_date.equals("") && statement_type.equals("") && option_type.equals("") && cust_no.equals("")) {
        sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
        sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    } else {                
        sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
        sql += "WHERE TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE '%' || ? || '%' ";
        sql += "AND REPRINTLOG_STATEMENT_TYPE LIKE '%' || ? || '%' ";
        sql += "AND REPRINTLOG_OPTION_TYPE LIKE '%' || ? || '%' ";
        sql += "AND REPRINTLOG_CUSTOMER_NO LIKE '%' || ? || '%' ";
        sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    }        
    return jdbcTemplate.queryForObject(sql, new Object[]{request_date, statement_type, option_type, cust_no}, Integer.class);
}

请注意,我已将原始代码中的字符串连接更改为使用占位符,并将值传递为参数。这有助于防止SQL注入攻击并提高代码的可读性。

英文:

I have a problem to convert existing code to PrepareStatement as code below.
In this case I'm using LIKE clause. My database is Oracle 19c.

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) {
    	String sql = "";

   	if ( request_date.equals("") && statement_type.equals("") && option_type.equals("") && cust_no.equals("") ) {
    		sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
    		sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    	} else {    	 	        
	    	sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
			sql += "WHERE TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE '%" + request_date +"%' ";
			sql += "AND REPRINTLOG_STATEMENT_TYPE LIKE '%" + statement_type +"%' ";
			sql += "AND REPRINTLOG_OPTION_TYPE LIKE '%" + option_type +"%' ";
			sql += "AND REPRINTLOG_CUSTOMER_NO LIKE '%" + cust_no +"%' ";
			sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    	}    	
    	return jdbcTemplate.queryForObject(sql, Integer.class);
    }

I tried this query after that it was logout and returns to the main page.

		public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) {
    	String sql = "";
    	
    	if ( request_date.equals("") && statement_type.equals("") && option_type.equals("") && cust_no.equals("") ) {
    		sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
    		sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    	} else {    	 	        
	    	sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
			sql += "WHERE TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE '%' || ? || '%' ";
			sql += "AND REPRINTLOG_STATEMENT_TYPE LIKE '%' || ? || '%' ";
			sql += "AND REPRINTLOG_OPTION_TYPE LIKE '%' || ? || '%' ";
			sql += "AND REPRINTLOG_CUSTOMER_NO LIKE '%' || ? || '%' ";
			sql += "ORDER BY REPRINTLOG_JOBID DESC ";
    	}    	
    	return jdbcTemplate.queryForObject(sql, new Object[]{request_date,statement_type,option_type,cust_no}, Integer.class);
    }

答案1

得分: 1

以下是翻译好的部分:

尝试类似这样的代码

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) throws SQLException {
    try (PreparedStatement stmt = cnt.prepareStatement(
                "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 "
                + "WHERE TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE '%' || ? || '%' "
                + "AND REPRINTLOG_STATEMENT_TYPE LIKE '%' || ? || '%' "
                + "AND REPRINTLOG_OPTION_TYPE LIKE '%' || ? || '%' "
                + "AND REPRINTLOG_CUSTOMER_NO LIKE '%' || ? || '%' "
                + "ORDER BY REPRINTLOG_JOBID DESC ")) {
        stmt.setString(1, request_date);
        stmt.setString(2, statement_type);
        stmt.setString(3, option_type);
        stmt.setString(4, cust_no);
        try (ResultSet rs = stmt.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }
}

如果要优化无约束条件的情况

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) throws SQLException {
    PreparedStatement stmt;
    boolean unconstrained = request_date.equals("") && statement_type.equals("") && option_type.equals("") && cust_no.equals("");
    if (unconstrained) {
        stmt = cnt.prepareStatement(
                "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 "
                + "ORDER BY REPRINTLOG_JOBID DESC ");
    } else {
        stmt = cnt.prepareStatement(
                "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 "
                + "WHERE TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE '%' || ? || '%' "
                + "AND REPRINTLOG_STATEMENT_TYPE LIKE '%' || ? || '%' "
                + "AND REPRINTLOG_OPTION_TYPE LIKE '%' || ? || '%' "
                + "AND REPRINTLOG_CUSTOMER_NO LIKE '%' || ? || '%' "
                + "ORDER BY REPRINTLOG_JOBID DESC ");
    }
    try {
        if (!unconstrained) {
            stmt.setString(1, request_date);
            stmt.setString(2, statement_type);
            stmt.setString(3, option_type);
            stmt.setString(4, cust_no);
        }
        try (ResultSet rs = stmt.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    } finally {
        stmt.close();
    }
}

要进一步优化

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) throws SQLException {
    List<String> conds = new ArrayList<>();
    List<String> parms = new ArrayList<>();
    if (!request_date.equals("")) {
        conds.add("TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE '%' || ? || '%'");
        parms.add(request_date);
    }
    if (!request_date.equals("")) {
        conds.add("REPRINTLOG_STATEMENT_TYPE LIKE '%' || ? || '%'");
        parms.add(statement_type);
    }
    if (!request_date.equals("")) {
        conds.add("REPRINTLOG_OPTION_TYPE LIKE '%' || ? || '%'");
        parms.add(option_type);
    }
    if (!request_date.equals("")) {
        conds.add("REPRINTLOG_CUSTOMER_NO LIKE '%' || ? || '%'");
        parms.add(cust_no);
    }
    StringBuilder buf = new StringBuilder(
            "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ");
    if (!conds.isEmpty()) {
        buf.append("WHERE ");
        buf.append(conds.get(0));
        for (int i = 1; i < conds.size(); ++i) {
            buf.append(" AND ");
            buf.append(conds.get(i));
        }
    }
    try (PreparedStatement stmt = cnt.prepareStatement(buf.toString())) {
        for (int i = 0; i < parms.size(); ++i) {
            stmt.setString(i+1, parms.get(i));
        }
        try (ResultSet rs = stmt.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }
}
英文:

Try something like this:

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) throws SQLException {
try (PreparedStatement stmt = cnt.prepareStatement(
&quot;SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 &quot;
+ &quot;WHERE TO_CHAR(REPRINTLOG_DATE,&#39;dd/mm/yyyy&#39;) LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;AND REPRINTLOG_STATEMENT_TYPE LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;AND REPRINTLOG_OPTION_TYPE LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;AND REPRINTLOG_CUSTOMER_NO LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;ORDER BY REPRINTLOG_JOBID DESC &quot;)) {
stmt.setString(1, request_date);
stmt.setString(2, statement_type);
stmt.setString(3, option_type);
stmt.setString(4, cust_no);
try (ResultSet rs = stmt.executeQuery()) {
rs.next();
return rs.getInt(1);
}
}
}

If you want to optimise the unconstrained case:

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) throws SQLException {
PreparedStatement stmt;
boolean unconstrained = request_date.equals(&quot;&quot;) &amp;&amp; statement_type.equals(&quot;&quot;) &amp;&amp; option_type.equals(&quot;&quot;) &amp;&amp; cust_no.equals(&quot;&quot;);
if ( unconstrained ) {
stmt = cnt.prepareStatement(
&quot;SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 &quot;
+ &quot;ORDER BY REPRINTLOG_JOBID DESC &quot;);
} else {                    
stmt = cnt.prepareStatement(
&quot;SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 &quot;
+ &quot;WHERE TO_CHAR(REPRINTLOG_DATE,&#39;dd/mm/yyyy&#39;) LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;AND REPRINTLOG_STATEMENT_TYPE LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;AND REPRINTLOG_OPTION_TYPE LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;AND REPRINTLOG_CUSTOMER_NO LIKE &#39;%&#39; || ? || &#39;%&#39; &quot;
+ &quot;ORDER BY REPRINTLOG_JOBID DESC &quot;);
}
try {
if (!unconstrained) {
stmt.setString(1, request_date);
stmt.setString(2, statement_type);
stmt.setString(3, option_type);
stmt.setString(4, cust_no);
}
try (ResultSet rs = stmt.executeQuery()) {
rs.next();
return rs.getInt(1);
}
} finally {
stmt.close();
}
}

To optimise a little more:

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) throws SQLException {
List&lt;String&gt; conds = new ArrayList&lt;&gt;();
List&lt;String&gt; parms = new ArrayList&lt;&gt;();
if (!request_date.equals(&quot;&quot;)) {
conds.add(&quot;TO_CHAR(REPRINTLOG_DATE,&#39;dd/mm/yyyy&#39;) LIKE &#39;%&#39; || ? || &#39;%&#39;&quot;);
parms.add(request_date);
}
if (!request_date.equals(&quot;&quot;)) {
conds.add(&quot;REPRINTLOG_STATEMENT_TYPE LIKE &#39;%&#39; || ? || &#39;%&#39;&quot;);
parms.add(statement_type);
}
if (!request_date.equals(&quot;&quot;)) {
conds.add(&quot;REPRINTLOG_OPTION_TYPE LIKE &#39;%&#39; || ? || &#39;%&#39;&quot;);
parms.add(option_type);
}
if (!request_date.equals(&quot;&quot;)) {
conds.add(&quot;REPRINTLOG_CUSTOMER_NO LIKE &#39;%&#39; || ? || &#39;%&#39;&quot;);
parms.add(cust_no);
}
StringBuilder buf = new StringBuilder(
&quot;SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 &quot;);
if (!conds.isEmpty()) {
buf.append(&quot;WHERE &quot;);
buf.append(conds.get(0));
for (int i = 1; i &lt; conds.size(); ++i) {
buf.append(&quot; AND &quot;);
buf.append(conds.get(i));
}
}
try (PreparedStatement stmt = cnt.prepareStatement(buf.toString())) {
for (int i = 0; i &lt; parms.size(); ++i) {
stmt.setString(i+1, parms.get(i));
}
try (ResultSet rs = stmt.executeQuery()) {
rs.next();
return rs.getInt(1);
}
}
}

答案2

得分: 0

以下是翻译好的代码部分,不包括代码注释:

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) {
    String sql = "";
    Integer count = 0;

    Connection conn = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;

    try {
        conn = jdbcTemplate.getDataSource().getConnection();

        if (request_date.equals("") && statement_type.equals("") && option_type.equals("") && cust_no.equals("")) {
            sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
            sql += "ORDER BY REPRINTLOG_JOBID DESC ";
            pstmt = conn.prepareStatement(sql);
            rs = pstmt.executeQuery();
            while (rs.next()) {
                count = rs.getInt(1);
            }
        } else {
            sql += "SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 ";
            sql += "WHERE TO_CHAR(REPRINTLOG_DATE,'dd/mm/yyyy') LIKE ? ";
            sql += "AND REPRINTLOG_STATEMENT_TYPE LIKE ? ";
            sql += "AND REPRINTLOG_OPTION_TYPE LIKE ? ";
            sql += "AND REPRINTLOG_CUSTOMER_NO LIKE ? ";
            sql += "ORDER BY REPRINTLOG_JOBID DESC ";

            pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, "%" + request_date + "%");
            pstmt.setString(2, "%" + statement_type + "%");
            pstmt.setString(3, "%" + option_type + "%");
            pstmt.setString(4, "%" + cust_no + "%");
            rs = pstmt.executeQuery();

            while (rs.next()) {
                count = rs.getInt(1);
            }
        }
    } catch (Exception e) {
        System.out.println("[reprintHistory count] Exception :" + e.getMessage());
        e.printStackTrace();
    } finally {
        if (rs != null) {
            try {
                rs.close();
                rs = null;
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (pstmt != null) {
            try {
                pstmt.close();
                pstmt = null;
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }

        try {
            if (conn != null && !conn.isClosed()) {
                conn.close();
                conn = null;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    return count;
}
英文:

This is working for me.

public int getCountReprintHistory(String request_date, String statement_type, String option_type, String cust_no) {
String sql = &quot;&quot;;
Integer count=0;
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try{
conn = jdbcTemplate.getDataSource().getConnection();
if ( request_date.equals(&quot;&quot;) &amp;&amp; statement_type.equals(&quot;&quot;) &amp;&amp; option_type.equals(&quot;&quot;) &amp;&amp; cust_no.equals(&quot;&quot;) ) {
sql += &quot;SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 &quot;;
sql += &quot;ORDER BY REPRINTLOG_JOBID DESC &quot;;
pstmt = conn.prepareStatement(sql);
rs = pstmt.executeQuery();
while(rs.next()){
count = rs.getInt(1);	 					
}
} else {    	 	        
sql += &quot;SELECT COUNT(REPRINTLOG_DATE) FROM TBL_REPRINT_HISTORY2 &quot;;
sql += &quot;WHERE TO_CHAR(REPRINTLOG_DATE,&#39;dd/mm/yyyy&#39;) LIKE ? &quot;;
sql += &quot;AND REPRINTLOG_STATEMENT_TYPE LIKE ? &quot;;
sql += &quot;AND REPRINTLOG_OPTION_TYPE LIKE ? &quot;;
sql += &quot;AND REPRINTLOG_CUSTOMER_NO LIKE ? &quot;;
sql += &quot;ORDER BY REPRINTLOG_JOBID DESC &quot;;
pstmt = conn.prepareStatement(sql);
pstmt.setString(1,&quot;%&quot;+request_date+ &quot;%&quot;);
pstmt.setString(2,&quot;%&quot;+ statement_type+ &quot;%&quot;);
pstmt.setString(3,&quot;%&quot;+ option_type+ &quot;%&quot;);
pstmt.setString(4,&quot;%&quot;+ cust_no+ &quot;%&quot;);
rs = pstmt.executeQuery();
while(rs.next()){
count = rs.getInt(1);	 					
}
}  
}catch(Exception e){
System.out.println(&quot;[reprintHistory count] Exception :&quot;+e.getMessage());
e.printStackTrace();  
} finally {
if (rs != null) {
try {
rs.close();
rs = null;
} catch (SQLException e) {
e.printStackTrace();;
}
}        
if (pstmt != null) {
try {
pstmt.close();
pstmt = null;
} catch (SQLException e) {
e.printStackTrace();
}
}
try {
if (conn!= null &amp;&amp; !conn.isClosed()){
conn.close();
conn= null;
}
} catch (SQLException e) {
e.printStackTrace();
}
}
return count;
} 

huangapple
  • 本文由 发表于 2023年3月9日 20:02:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/75684333.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定