javaʱ¼äº¯Êý£¬ÒÔ¼° sql ʱ¼ä·¶Î§²éÕÒ ´úÂë
String keyword = request.getParameter("keyword");
String timeRange = request.getParameter("timeRange");
String type = request.getParameter("type");
StringBuffer sql = new StringBuffer();
sql.append("use webstation_leadall select f.id,f.title,f.publishtime from information f left join infotype t on f.typeid=t.id where ");
if( (keyword == null)|| (keyword.equals("")) ){
sql.append("title like '%' and ");
}else {
sql.append("title like '%"+keyword +"%' and ");
}
if(timeRange.equals("")||timeRange==null){
sql.append("");
}else{
//Calendar cal = Calendar.getInstance();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd kk:mm:ss");
//String now = sdf.format(cal.getTime());
String begintime = "";
String endtime = "";
java.util.Date myDate=new java.util.Date();
long myTime = 0;
if(timeRange.equals("1")){
myTime=((myDate.getTime()/1000)-60*60*24)*1000;
begintime = sdf.format(new java.util.Date(myTime));
endtime = sdf.format(myDate);
//System.out.println("------"+begintime+"+++++"+endtime);
}else if(timeRange.equals("3")){
myTime=((myDate.getTime()/1000)-60*60*24*3)*1000;
begintime = sdf.format(new java.util.Date(myTime));
endtime = sdf.format(myDate);
//System.out.println("------"+begintime+"+++++"+endtime);
}else if(timeRange.equals("7")){
myTime=((myDate.getTime()/1000)-60*60*24*7)*1000;
&n
Ïà¹ØÎĵµ£º
Óŵã:×ֶνÏÉÙ£¬ÓÐÔöɾ¸Ä²é¹¦ÄÜ£¬²»¹ý²éѯ̫Áýͳ¡£
ȱµã:
1.²»ËãÊÇÔÚºÜÕýµÄÎÞÏÞ·ÖÀà,ClassPathÕâ¸ö×ֶζ¨ÒåÏÞÖÆ¡£
2.Ö÷¼üCLASSID²»ÊÇ×ÔÔöµÄ£¬Ê¹ÓÃCODESMITHÅúÁ¿Éú³É¶à²ã¼Ü¹¹´úÂëÖлᵼÖ³ö´í¡£
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[ArticleClass]') and OBJECTPROPERTY(id, N'IsUse ......
ÔÚʹÓÃNHibernate¹ý³ÌÖо³£»áʹÓõ½¸´ÔÓµÄsql²éѯ£¬µ«ÊÇʹÓÃhqlÓֱȽÏÂé·³µÄÇé¿öÏ£¬ÎÒÃÇÍùÍù¶¼»áÏëµ½²ÉÓÃÔʼµÄsqlÀ´Ö´ÐС£µ«ÊÇÈçºÎÀûÓÃNHibernateÀ´Ö´ÐÐsqlÄØ£¿ÎÊÌâÀ´ÁË£¬ÔÚNHibernateÖÐÒ²ÓÐAdoTemplateµÄ·½·¨¿ÉÒÔÖ´ÐÐsqlµÄ£¬µ«ÊÇÕâÀïÒª½éÉܵÄÊÇÁíÍâÒ»ÖÖ·½·¨£ºCreateSQLQuery¡£ÒÔϲ¿·ÖÀý×ÓÔ´×ÔÓÚÍøÂç¡£
ʵÀýÒ»£¨Ô´×ÔÓÚ ......
Ò»¡¢¼òµ¥²éѯ
¡¡¡¡ ¼òµ¥µÄTransact-SQL²éѯֻ°üÀ¨Ñ¡ÔñÁÐ±í¡¢from×Ó¾äºÍWHERE×Ӿ䡣
ËüÃÇ·Ö±ð˵Ã÷Ëù²éѯÁС¢²éѯµÄ
±í»òÊÓͼ¡¢ÒÔ¼°ËÑË÷Ìõ¼þµÈ¡£
ÀýÈ磬ÏÂÃæµÄÓï¾ä²éѯtesttable±íÖÐÐÕÃûΪ“ÕÅÈý”µÄnickname×ֶκÍemail×ֶΡ£
SELECT nickname,email
from testtable WHERE name='ÕÅÈý'
(Ò»)Ñ¡ÔñÁбí
¡ ......
CREATE Table <±íÃû>
£¨[<ÁÐÃû1>] ÀàÐÍ (³¤¶È) [ȱʡֵ][Áм¶Ô¼Êø]
[£¬<ÁÐÃû2> Êý¾ÝÀàÐÍ[ȱʡֵ][Áм¶Ô¼Êø]]….
[£¬UNIQUE£¨ÁÐÃû[£¬ÁÐÃû]….£©]
[£¬PRIMARY KEY£¨ÁÐÃû[£¬ÁÐÃû]…£©]
&n ......
¡¾ÔÎĵØÖ·¡¿Tip/Trick: Guard Against SQL Injection Attacks
¡¾ÔÎÄ·¢±íÈÕÆÚ¡¿ Saturday, September 30, 2006 9:11 AM
SQL×¢Èë¹¥»÷ÊǷdz£ÁîÈËÌÖÑáµÄ°²È«Â©¶´£¬ÊÇËùÓеÄweb¿ª·¢ÈËÔ±£¬²»¹ÜÊÇʲôƽ̨£¬¼¼Êõ£¬»¹ÊÇÊý¾Ý²ã£¬ÐèҪȷÐÅËûÃÇÀí½âºÍ·ÀÖ¹µÄ¶«Î÷¡£²»ÐÒµÄÊÇ£¬¿ª·¢ÈËÔ±ÍùÍù²»¼¯Öл¨µãʱ¼äÔÚÕâÉÏÃ棬ÒÔÖÁËûÃǵÄÓ¦Ó㬠......
