这问题很眼熟
也可以这样:
String sql="select * from ARITCLE where type="+type+" and title like "++" and writer like "+writer+"";
改成
String sql="select * from ARITCLE where type="+type+" and title like '%"++"%' and writer like '%"+writer+"'%";
如果writer 这些参数是用户输入而且不经过处理的话
拼接字符串生成查询语句,会使SQL注入攻击变得相当容易
String tt="%"+title+"%"; String ww="%"+write+"%"; String sql="select * from ARITCLE where type="+type+" and title like ' "+tt+" 'and writer like ' "+ww+" ' ";如此而已
比如type传入2个值,writer传入一个值,写的时候同一个字段的先用or,用括号括起来,然后和其他条件用and。比如:select * from ARITCLE where (type like '%传入的type1%' or type like '%传入的type2%') and writer like '%传入的writer%'
String sql="select * from ARITCLE where type="+type+" and title like \'\%"+title+"\%\' and writer like \'\%"+writer+"\%\'"
楼上的思路是对的,但是Java中输出符号要用转义符 \ 的,应为在Java中 ' % 用自己的意思,所以要用 \' \% 来表示
="select * from ARITCLE where type=' "+type+" 'and title like ' "++" 'and writer like' "+writer+" ' ";还有你好像没有加%
内容全部来源于网络收集,如有侵权,请联系网站删除:QQ:24596024