Sql语句占位符?的使用
在书写sql语句时,常常用
?
作为占位符来使用,因为可以防止sql注入,所表示的内容不会被解析成sql的关键字!但在某些情况下,你的sql语句中需要包含sql语句中的关键字时,这时候再使用占位符,可能会引发错误!
例如:
QueryRunner queryRunner = new QueryRunner(DruidUtils.getDataSource());
row= queryRunner.update("delete from user where uid in (?)", uidStr);
当uidStr="2,4"
时,执行sql语句时,就会报错!
java.sql.SQLException: Data truncation: Truncated incorrect DOUBLE value: '3,4' Query: delete from user where uid in (?) Parameters: [3,4]
因为此时2和4之间的逗号不会被解析成sql中的逗号,所以会引发错误
解决方法:
row= queryRunner.update("delete from user where uid in ("+uidStr+")");
row= queryRunner.update("delete from user where uid in ("+uidStr+")");