为什们说这段代码里面没有1?
public List<Goddes> query(String name,String id) throws Exception{
List<Goddes>result=new ArrayList<Goddes>();
Connection cnn=DbUtil.getConnection();
StringBuilder sb=new StringBuilder();
sb.append(" select*from yingxiong ");
sb.append("where name like ? and id like ");
PreparedStatement ptmt=cnn.prepareStatement(sb.toString());
ptmt.setString(1, "%"+name+"%");
ptmt.setString(2, "%"+id+"%");
System.out.println(sb.toString());
ResultSet rs=ptmt.executeQuery();
Goddes g=null;
while(rs.next()){
g=new Goddes();
g.setId(rs.getInt("id"));
g.setname(rs.getString("name"));
g.setSex(rs.getString("sex"));
g.setAge(rs.getInt("age"));
result.add(g);
}
return result;
}
初级阶段1回答
-
慕莱坞654189
sql语句里边的or是或的意思,如果'or'1'='1,程序照样过
随时随地看视频慕课网APP
相关分类
Java