JDBC连接数据库:动态SQL条件查询中,in 查询如何防止SQL注入。做法是按取值个数动态拼接 ? 占位符,取值本身通过参数绑定传入,而不是直接拼接进SQL字符串。

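// Table-creation-status filter: builds a parameterized "IN (?, ?, ...)" clause.
// Only the number of "?" placeholders depends on the request; every status value
// is stored in params and never concatenated into the SQL text, which is what
// keeps this dynamic condition safe from SQL injection.
// NOTE(review): params presumably maps placeholder positions to values that are
// later bound on a PreparedStatement for both queries - confirm against the caller.
if (StringUtils.isNotBlank(qo.getTabCreateStatus())) {
    String[] statusArr = qo.getTabCreateStatus().split(",");
    StringBuilder placeholders = new StringBuilder();
    for (String status : statusArr) {
        // Skip empty tokens ("a,,b", ",") so they neither become bound values
        // nor leave the IN list empty.
        if (StringUtils.isBlank(status)) {
            continue;
        }
        placeholders.append(placeholders.length() > 0 ? ",?" : "?");
        // Trim so "a, b" matches the same rows as "a,b".
        params.put(paramIndex++, status.trim());
    }
    // Append the clause only when at least one value survived: "in ( )" is
    // rejected as a syntax error by most databases.
    if (placeholders.length() > 0) {
        // The same fragment goes into both statements so the placeholder order
        // stays identical for the page query and the count query.
        String inClause = " and b.tab_create_status in ( " + placeholders + " )";
        pageSql += inClause;
        countSql += inClause;
    }
    // NOTE(review): the number of values is unbounded here; some databases cap
    // the size of an IN list, so consider limiting statusArr.length upstream.
}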