javaʱ¼äº¯Êý£¬ÒÔ¼° sql ʱ¼ä·¶Î§²éÕÒ ´úÂë
String keyword = request.getParameter("keyword");
String timeRange = request.getParameter("timeRange");
String type = request.getParameter("type");
StringBuffer sql = new StringBuffer();
sql.append("use webstation_leadall select f.id,f.title,f.publishtime from information f left join infotype t on f.typeid=t.id where ");
if( (keyword == null)|| (keyword.equals("")) ){
sql.append("title like '%' and ");
}else {
sql.append("title like '%"+keyword +"%' and ");
}
if(timeRange.equals("")||timeRange==null){
sql.append("");
}else{
//Calendar cal = Calendar.getInstance();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd kk:mm:ss");
//String now = sdf.format(cal.getTime());
String begintime = "";
String endtime = "";
java.util.Date myDate=new java.util.Date();
long myTime = 0;
if(timeRange.equals("1")){
myTime=((myDate.getTime()/1000)-60*60*24)*1000;
begintime = sdf.format(new java.util.Date(myTime));
endtime = sdf.format(myDate);
//System.out.println("------"+begintime+"+++++"+endtime);
}else if(timeRange.equals("3")){
myTime=((myDate.getTime()/1000)-60*60*24*3)*1000;
begintime = sdf.format(new java.util.Date(myTime));
endtime = sdf.format(myDate);
//System.out.println("------"+begintime+"+++++"+endtime);
}else if(timeRange.equals("7")){
myTime=((myDate.getTime()/1000)-60*60*24*7)*1000;
&n
Ïà¹ØÎĵµ£º
ÔÚʹÓÃNHibernate¹ý³ÌÖо³£»áʹÓõ½¸´ÔÓµÄsql²éѯ£¬µ«ÊÇʹÓÃhqlÓֱȽÏÂé·³µÄÇé¿öÏ£¬ÎÒÃÇÍùÍù¶¼»áÏëµ½²ÉÓÃÔʼµÄsqlÀ´Ö´ÐС£µ«ÊÇÈçºÎÀûÓÃNHibernateÀ´Ö´ÐÐsqlÄØ£¿ÎÊÌâÀ´ÁË£¬ÔÚNHibernateÖÐÒ²ÓÐAdoTemplateµÄ·½·¨¿ÉÒÔÖ´ÐÐsqlµÄ£¬µ«ÊÇÕâÀïÒª½éÉܵÄÊÇÁíÍâÒ»ÖÖ·½·¨£ºCreateSQLQuery¡£ÒÔϲ¿·ÖÀý×ÓÔ´×ÔÓÚÍøÂç¡£
ʵÀýÒ»£¨Ô´×ÔÓÚ ......
Ò»¡¢±í½á¹¹²éѯ
SELECT TOP (100) PERCENT a.name AS zdm,COLUMNPROPERTY(a.id, a.name, 'IsIdentity') AS bs ,
CASE WHEN EXISTS (SELECT 1 from dbo.sysindexes si INNER JOIN dbo.sysindexkeys sik ON si.id = sik.id
AND si.indid = sik.indid INNER JOIN dbo.syscolumns sc ON sc.id = sik.id AND sc. ......
Óï¾äÐÎʽ£º¡¡ SELECTTOP10*
fromTestTable
WHERE(ID>
¡¡¡¡¡¡¡¡¡¡(SELECTMAX(id)
¡¡¡¡¡¡¡¡from(SELECTTOP20id
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡fromTestTable
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ORDERBYid)AST))
ORDERBYID
SELECTTOPÒ³´óС*
fromTestTable
WHERE(ID>
¡¡¡¡¡¡¡¡¡¡(SELECTMAX(id)
¡¡¡¡¡¡¡¡from(SELECTTOPÒ³´óС*Ò³Êýid
¡¡¡¡¡ ......
if exists(select 1 from sysobjects where name='char_index')
drop function char_index
create function char_index(@string varchar(8000),@char varchar(10),@index smallint)
--@string:´ý²éÕÒ×Ö·û´®£¬@index:²éÕÒλÖÃ
returns smallint
as
begin
declare
@i tinyint,--µ±Ç°ÕÒµ½µÚ@i¸ö
......
¡¾ÔÎĵØÖ·¡¿Tip/Trick: Guard Against SQL Injection Attacks
¡¾ÔÎÄ·¢±íÈÕÆÚ¡¿ Saturday, September 30, 2006 9:11 AM
SQL×¢Èë¹¥»÷ÊǷdz£ÁîÈËÌÖÑáµÄ°²È«Â©¶´£¬ÊÇËùÓеÄweb¿ª·¢ÈËÔ±£¬²»¹ÜÊÇʲôƽ̨£¬¼¼Êõ£¬»¹ÊÇÊý¾Ý²ã£¬ÐèҪȷÐÅËûÃÇÀí½âºÍ·ÀÖ¹µÄ¶«Î÷¡£²»ÐÒµÄÊÇ£¬¿ª·¢ÈËÔ±ÍùÍù²»¼¯Öл¨µãʱ¼äÔÚÕâÉÏÃ棬ÒÔÖÁËûÃǵÄÓ¦Ó㬠......
